CVE-2023-50694

An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
dom96httpbeast
𝑥
≤ 0.4.1
𝑥
= Vulnerable software versions
References
https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8
https://github.com/dom96/httpbeast/issues/95
https://github.com/dom96/httpbeast/pull/96
https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8
https://github.com/dom96/httpbeast/issues/95
https://github.com/dom96/httpbeast/pull/96