Skip to content

[GHSA-4px2-pw77-vc85] SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec#8520

Open
marcelo-es wants to merge 1 commit into
marcelo-es/advisory-improvement-8520from
marcelo-es-GHSA-4px2-pw77-vc85
Open

[GHSA-4px2-pw77-vc85] SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec#8520
marcelo-es wants to merge 1 commit into
marcelo-es/advisory-improvement-8520from
marcelo-es-GHSA-4px2-pw77-vc85

Conversation

@marcelo-es

Copy link
Copy Markdown

Updates

  • Affected products

Comments
The vulnerability was fixed in version v1.44.0 (as per the description), however the metadata indicates that versions < v.1.44.1 were affected, and that the patched version is v1.44.1 (which doesn't even exist at this point).

This change fixes the metadata to indicate < 1.44.0 as affected versions, and v1.44.0 as patched version.

@github

github commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Hi there @Lukasa! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

@github-actions github-actions Bot changed the base branch from main to marcelo-es/advisory-improvement-8520 July 7, 2026 02:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants