CVE-2025-57804MEDIUMCVSS 6.9fixed in python-h2 4.0.0-3+deb11u1 (bullseye)2025
CVE-2025-57804 [MEDIUM] CVE-2025-57804: python-h2 - h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version ...
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to mani
debian