Improper Validation of Specified Type of Input Affecting http-types package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RUST-HTTPTYPES-17394184
- published22 Jun 2026
- disclosed11 Mar 2026
- creditUnknown
Introduced: 11 Mar 2026
CVE NOT AVAILABLE CWE-1287 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
There is no fixed version for http-types.
Overview
Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the Authorization::value and WwwAuthenticate::value functions when arbitrary String input is accepted without validation, leading to header values that may contain non-ASCII UTF-8 characters despite assumptions of ASCII-only content. An attacker can bypass expected ASCII-only constraints and potentially cause unexpected behavior or security issues by supplying specially crafted non-ASCII input.