cowlib
Hex | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting cowlib (page 1 of 1)
- CVE-2026-43968 | MEDIUM | CVSS 4.0 | EG 4.0 | ✓ Fixed in 2.16.1 | 2026-05-11
vulnerable: 2.10.0 ... 2.9.1 (17 versions)
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but …
- CVE-2026-43969 | LOW | CVSS 3.2 | EG 3.2 | 2026-05-11
vulnerable: 2.10.0 ... 2.9.1 (12 versions)
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-…
- CVE-2026-43970 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 2.16.1 | 2026-05-13
vulnerable: 1.0.0 ... 2.9.1 (32 versions)
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib passes peer-supplied compressed bytes d…
- CVE-2026-7790 | HIGH | CVSS 8.7 | EG 8.7 | ✓ Fixed in 2.16.1 | 2026-05-11
vulnerable: 1.0.0 ... 2.9.1 (32 versions)
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. E…