h3@2.0.1-rc.17

Minimal H(TTP) framework built for high performance and portability.

latest version

2.0.1-rc.20

latest non vulnerable version

2.0.1-rc.20

first published

9 years ago

latest version published

7 days ago

licenses detected

MIT
>=0.2.0 <1.0.0; >=1.0.1

View h3 package health on Snyk (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the h3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling h3 is a Minimal H(TTP) framework built for high performance and portability. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the `getChunkedCookieCount` function. An attacker can cause the server to enter an inefficient cleanup loop by sending a crafted cookie header with a large chunk count value, resulting in excessive resource consumption and server unresponsiveness. Note: Chunked cookie support was included in 1.15.8 via 61b395e excluded in 1.15.9 How to fix Allocation of Resources Without Limits or Throttling? Upgrade `h3` to version 1.15.9, 2.0.1-rc.18 or higher.	>=1.15.8 <1.15.9>=2.0.0-beta.4 <2.0.1-rc.18
M Open Redirect h3 is a Minimal H(TTP) framework built for high performance and portability. Affected versions of this package are vulnerable to Open Redirect via the `redirectBack` function. An attacker can cause users to be redirected to an external, attacker-controlled domain by crafting a URL with a protocol-relative path that passes origin validation but results in a browser redirect outside the intended domain. How to fix Open Redirect? Upgrade `h3` to version 2.0.1-rc.18 or higher.	>=2.0.1-rc.17 <2.0.1-rc.18

Allocation of Resources Without Limits or Throttling

h3 is a Minimal H(TTP) framework built for high performance and portability.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the getChunkedCookieCount function. An attacker can cause the server to enter an inefficient cleanup loop by sending a crafted cookie header with a large chunk count value, resulting in excessive resource consumption and server unresponsiveness.

Note: Chunked cookie support was included in 1.15.8 via 61b395e excluded in 1.15.9

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade h3 to version 1.15.9, 2.0.1-rc.18 or higher.

>=1.15.8 <1.15.9>=2.0.0-beta.4 <2.0.1-rc.18

Open Redirect

h3 is a Minimal H(TTP) framework built for high performance and portability.

Affected versions of this package are vulnerable to Open Redirect via the redirectBack function. An attacker can cause users to be redirected to an external, attacker-controlled domain by crafting a URL with a protocol-relative path that passes origin validation but results in a browser redirect outside the intended domain.

How to fix Open Redirect?

Upgrade h3 to version 2.0.1-rc.18 or higher.

>=2.0.1-rc.17 <2.0.1-rc.18

Go back to all versions of this package