Security: benoitc/hackney
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
CR/LF injection in query parameterGHSA-j9wq-vxxc-94wf published
May 25, 2026 by benoitcModerate -
Per-chunk timeout with unbounded body accumulation enables slow-drip OOMGHSA-jq4m-q6p2-8gwc published
May 25, 2026 by benoitcHigh -
Unbounded buffer accumulation in WebSocketGHSA-q8jg-fgj4-fphf published
May 25, 2026 by benoitcHigh -
`ssl:connect/2` post-handshake upgrade has no timeoutGHSA-gp9c-pm5m-5cxr published
May 25, 2026 by benoitcHigh -
CRLF / header injection in WebSocket upgrade requestGHSA-f9vr-g2g2-x9fg published
May 25, 2026 by benoitcModerate -
CRLF / header injection via unvalidated `domain` and `path` optionsGHSA-mp55-p8c9-rfw2 published
May 25, 2026 by benoitcLow -
Cross-origin redirect leaks Authorization, Cookie, and request bodyGHSA-h73q-4w9q-82h4 published
May 25, 2026 by benoitcModerate -
Atom-table exhaustion via unrecognized URL schemesGHSA-9653-rcfr-5c62 published
May 25, 2026 by benoitcHigh -
Infinite loop on non-token byte at start of an Alt-Svc entryGHSA-6cp8-v795-jr2j published
May 25, 2026 by benoitcHigh -
SSRF allowlist bypass in hackney_url:normalize/2 via percent-encoded hostGHSA-pj7v-xfvx-wmjq published
May 25, 2026 by benoitcModerate