CVE-2025-57804MEDIUMCVSS 6.9fixed in 4.3.02025-08-25
CVE-2025-57804 [MEDIUM] CWE-93 CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 req
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attac
nvd