CNNVD-202601-2560 Information

CNNVD ID

CNNVD-202601-2560

Related CVE

CVE-2026-23527

• CNNVD Published: 2026-01-15

Description (Chinese)

H3是H3开源的一个HTTP框架。 H3 1.15.5之前版本存在环境问题漏洞，该漏洞源于Transfer-Encoding标头检查严格区分大小写，可能导致HTTP请求夹带攻击。

Description (English)

H3 is an HTTP framework for the open source of H3. Prior version H3 1.15.5 has an environmental loophole, which stems from a strict case-sensitive check of the Transfer-Encoding header, which may lead to HTTP requesting a belt attack.

Hazard Level

Medium

Vulnerability Type

环境问题

Affected Vendor

H3

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/h3js/h3/commit/618ccf4f37b8b6148bea7f36040471af45bfb097 https://github.com/h3js/h3/security/advisories/GHSA-mp2g-9vg9-f4cg

Patch

https://github.com/h3js/h3/releases