CVE-2025-43859— h11 环境问题漏洞

h11 accepts some malformed Chunked-Encoding bodies

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

HTTP请求的解释不一致性(HTTP请求私运)

h11 环境问题漏洞

h11是Nathaniel J. Smith个人开发者的一个用Python从头编写的小型HTTP/1.1库。 h11 0.16.0之前版本存在环境问题漏洞，该漏洞源于行终止符解析不当，可能导致请求夹带攻击。

N/A

N/A