H3js H3
5 CVEs affecting H3js H3. Latest disclosed: 2026-03-26. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-23527 | High | 8.9 | 2026-01-15 | H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRaw… |
CVE-2026-33128 | High | 7.5 | 2026-03-20 | H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE… |
CVE-2026-33131 | High | 7.4 | 2026-03-20 | H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 2.0.1-rc.14 contain a Host header spoofing vulnerability in the NodeRequestUrl (which extends FastUR… |
CVE-2026-33129 | Medium | 5.9 | 2026-03-20 | H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to… |
CVE-2026-33490 | Low | 3.7 | 2026-03-26 | H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h3 uses a simple `startsWith()` check to determine whether i… |