Current section
8 Advisories
Jump to
Current section
8 Advisories
Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections
Affected Versions
Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory
Affected Versions
Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS
Affected Versions
Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-48862.html
- https://github.com/elixir-mint/mint
- https://github.com/elixir-mint/mint/commit/70b97b6a5209fb288b0e04d8e657dda26c59de67
- https://github.com/elixir-mint/mint/security/advisories/GHSA-g586-ccqf-7x4r
- https://hex.pm/packages/mint
- https://nvd.nist.gov/vuln/detail/CVE-2026-48862
- https://osv.dev/vulnerability/EEF-CVE-2026-48862
HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-49754.html
- https://github.com/elixir-mint/mint
- https://github.com/elixir-mint/mint/commit/b662d127d3028b5426c88d4c9cc7fe430491a10b
- https://github.com/elixir-mint/mint/security/advisories/GHSA-2p26-p43x-fhp8
- https://hex.pm/packages/mint
- https://nvd.nist.gov/vuln/detail/CVE-2026-49754
- https://osv.dev/vulnerability/EEF-CVE-2026-49754
HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-49753.html
- https://github.com/elixir-mint/mint
- https://github.com/elixir-mint/mint/commit/47e48027480228e4e32a0b4df39db497b4804921
- https://github.com/elixir-mint/mint/security/advisories/GHSA-mjqx-c6f6-7rc2
- https://hex.pm/packages/mint
- https://nvd.nist.gov/vuln/detail/CVE-2026-49753
- https://osv.dev/vulnerability/EEF-CVE-2026-49753
CRLF injection in HTTP/1 request line via unvalidated method in Mint
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-48861.html
- https://github.com/elixir-mint/mint
- https://github.com/elixir-mint/mint/commit/fad091454cbb7449b19edb8e1fee12ca7cf28c3a
- https://github.com/elixir-mint/mint/security/advisories/GHSA-2pg6-44cx-c49v
- https://hex.pm/packages/mint
- https://nvd.nist.gov/vuln/detail/CVE-2026-48861
- https://osv.dev/vulnerability/EEF-CVE-2026-48861
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
Affected Versions
Checksum
Dependency Config
mix.exs
rebar.config
Gleam
erlang.mk
Package Details
this version
0
yesterday
64 176
last 7 days
348 889
all time
61 837 690