CNNVD-202508-2918 Information

CNNVD ID

CNNVD-202508-2918

Related CVE

CVE-2025-57804

• CNNVD Published: 2025-08-25

Description (Chinese)

python-hyper h2是Hyper开源的一个Python HTTP/2的协议实现。 python-hyper h2 4.3.0之前版本存在注入漏洞，该漏洞源于HTTP2请求拆分，可能导致请求走私攻击。

Description (English)

Python-hyper h2 is a Python HTTP/2 agreement from Hyper Open Source. Pre-python-hyper h23.0 has an injection loophole, which stems from HTTP2 requests for splits, which may lead to requests for smuggling attacks.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

Hyper

Published

2025-08-25

Last Modified

2026-02-24

References

https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a https://nvd.nist.gov/vuln/detail/CVE-2025-57804 https://vigilance.fr/vulnerability/h2-header-injection-via-CRLF-Characters-48108

Patch

https://github.com/python-hyper/h2/tags