gun
Hex3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gunpage 1 of 1
- CVE-2026-43972MEDIUMCVSS 6.3EG 6.3✓ Fixed in 2.4.02026-06-08
vulnerable: 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.3.0
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an incoming…
- CVE-2026-43973HIGHCVSS 8.7EG 8.7✓ Fixed in 2.4.02026-06-08
vulnerable: 1.0.0 ... 2.3.0 (14 versions)
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gun_http:handle/5, three clauses accumulate incoming TCP d…
- CVE-2026-43974HIGHCVSS 8.7EG 8.7✓ Fixed in 2.4.02026-06-08
vulnerable: 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.3.0
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gun_http:handle_info…
Check whether gun is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for gun CVEs against the assets you own.
Start Free Scan →