Tag
Tesla Elixir Client Decompression Bomb (CVE-2026-48594)
1 TTP 1 CVEA critical vulnerability, CVE-2026-48594, in the Tesla Elixir HTTP client library allows an attacker to cause a denial of service by serving a specially crafted HTTP response with multiple `content-encoding` headers that, when processed by vulnerable versions (0.6.0 through 1.18.2) of the client using `Tesla.Middleware.DecompressResponse` or `Tesla.Middleware.Compression`, leads to exponential memory expansion and application crashes.
Tesla Elixir HTTP Client Header Leak via Case-Sensitive Redirect Filtering (CVE-2026-48595)
2 TTPs 1 CVEA vulnerability in the `Tesla.Middleware.FollowRedirects` component of the `tesla` Elixir HTTP client library allows `Authorization` headers to be leaked during cross-origin redirects due to a case-sensitive comparison, enabling an attacker controlling a redirect destination to receive bearer tokens or other credentials from applications using `tesla` versions 0.6.0 through 1.18.2.
Tesla HTTP Client Library Vulnerable to Atom Exhaustion Leading to Denial of Service (CVE-2026-48597)
1 TTP 1 CVEA high-severity denial-of-service vulnerability (CVE-2026-48597) in the `Tesla.Adapter.Mint` component of the Elixir Tesla HTTP client library, affecting versions 1.3.0 through 1.18.2, allows an unauthenticated attacker to crash the underlying BEAM VM by supplying untrusted URL schemes, leading to atom exhaustion.
Mint HTTP/2 Client Vulnerable to Unbounded CONTINUATION Frame Accumulation (CVE-2026-49754)
1 TTP 1 CVEA malicious or compromised HTTP/2 server can exploit CVE-2026-49754 in the Elixir Mint HTTP/2 client by sending an endless chain of CONTINUATION frames without an END_HEADERS flag, leading to unbounded memory accumulation, process exhaustion, and remote unauthenticated denial-of-service.
Mint HTTP/2 Client Unbounded Stream Map Growth Denial-of-Service (CVE-2026-48862)
1 TTP 1 CVEA malicious or compromised HTTP/2 server can exploit CVE-2026-48862 in Mint HTTP/2 clients by flooding them with PUSH_PROMISE frames and withholding corresponding HEADERS, leading to unbounded memory consumption and denial-of-service.