[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-25725":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":34,"aliases":35,"duplicate_of":9,"upstream":36,"downstream":37,"duplicates":74,"related":75,"reserved_at":9,"published_at":86,"modified_at":87,"state":88,"summary":89,"references_raw":98,"kevs":128,"epss":129,"epss_history":132,"metrics":378,"affected":386},"CVE-2023-25725","HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka \"request smuggling.\" The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.",null,[11,18],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":9,"capec":25},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[26,30],{"id":27,"name":28,"techniques":29},"CAPEC-273","HTTP Response Smuggling",[],{"id":31,"name":32,"techniques":33},"CAPEC-33","HTTP Request Smuggling",[],[],[],[],[38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72],{"_key":39},"RHSA-2023:1696",{"_key":41},"RHSA-2023:1978",{"_key":43},"SUSE-FU-2023:2117-1",{"_key":45},"SUSE-FU-2023:2119-1",{"_key":47},"SUSE-SU-2023:0412-1",{"_key":49},"SUSE-SU-2023:0413-1",{"_key":51},"UBUNTU-CVE-2023-25725",{"_key":53},"USN-5869-1",{"_key":55},"SUSE-SU-2023:0411-1",{"_key":57},"OPENSUSE-SU-2024:12686-1",{"_key":59},"DLA-3318-1",{"_key":61},"DSA-5348-1",{"_key":63},"DEBIAN-CVE-2023-25725",{"_key":65},"RHSA-2023:1655",{"_key":67},"USN-7135-1",{"_key":69},"RHBA-2023:1649",{"_key":71},"RHSA-2023:1268",{"_key":73},"RHSA-2023:1325",[],[76,77,78,79,80,81,82,84],{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":55},{"_key":57},{"_key":83},"CGA-2H8F-JJ3M-34XM",{"_key":85},"CGA-7RPH-RCJ7-RH7V","2023-02-14T00:00:00.000Z","2025-03-20T19:14:03.000Z","Modified",{"cisa_kev":90,"cisa_ransomware":90,"cisa_vendor":9,"epss_severity":91,"epss_score":92,"severity":93,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":88},false,"medium",0.17535,"critical",9.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",[99,105,109,115,120,124],{"url":100,"sources":101,"tags":103},"https://www.haproxy.org/",[96,102],"nvd",[104],"Product",{"url":106,"sources":107,"tags":108},"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112",[96,102],[],{"url":110,"sources":111,"tags":112},"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html",[96,102],[113,114],"Mailing List","Third Party Advisory",{"url":116,"sources":117,"tags":118},"https://www.debian.org/security/2023/dsa-5348",[96,102],[119,114],"Vendor Advisory",{"url":121,"sources":122,"tags":123},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/",[96,102],[119],{"url":125,"sources":126,"tags":127},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/",[96,102],[119],[],{"date":130,"score":92,"percentile":131},"2026-06-04",0.95207,[133,137,139,141,143,146,149,151,154,157,159,162,164,167,169,173,175,178,181,184,187,190,193,196,199,202,205,207,210,213,215,217,220,222,224,226,229,232,236,239,242,244,247,250,253,256,259,261,264,266,268,271,274,277,281,283,285,288,290,293,296,299,301,304,306,308,310,313,315,318,322,325,328,331,334,337,340,342,345,348,351,354,357,360,362,365,368,370,372,375],{"date":134,"score":135,"percentile":136},"2025-11-04",0.19688,0.95181,{"date":138,"score":135,"percentile":136},"2025-11-05",{"date":140,"score":135,"percentile":136},"2025-11-06",{"date":142,"score":135,"percentile":136},"2025-11-07",{"date":144,"score":135,"percentile":145},"2025-11-08",0.95179,{"date":147,"score":135,"percentile":148},"2025-11-09",0.9518,{"date":150,"score":135,"percentile":148},"2025-11-10",{"date":152,"score":135,"percentile":153},"2025-11-11",0.95182,{"date":155,"score":135,"percentile":156},"2025-11-12",0.95185,{"date":158,"score":135,"percentile":156},"2025-11-13",{"date":160,"score":135,"percentile":161},"2025-11-14",0.95186,{"date":163,"score":135,"percentile":153},"2025-11-15",{"date":165,"score":135,"percentile":166},"2025-11-16",0.95184,{"date":168,"score":135,"percentile":161},"2025-11-17",{"date":170,"score":171,"percentile":172},"2025-11-18",0.45177,0.97443,{"date":174,"score":171,"percentile":172},"2025-11-19",{"date":176,"score":171,"percentile":177},"2025-11-20",0.97445,{"date":179,"score":135,"percentile":180},"2025-11-21",0.95194,{"date":182,"score":135,"percentile":183},"2025-11-22",0.95193,{"date":185,"score":135,"percentile":186},"2025-11-23",0.95191,{"date":188,"score":135,"percentile":189},"2025-11-24",0.95192,{"date":191,"score":135,"percentile":192},"2025-11-25",0.95196,{"date":194,"score":135,"percentile":195},"2025-11-26",0.95197,{"date":197,"score":135,"percentile":198},"2025-11-27",0.952,{"date":200,"score":135,"percentile":201},"2025-11-28",0.95199,{"date":203,"score":135,"percentile":204},"2025-11-29",0.95203,{"date":206,"score":135,"percentile":201},"2025-11-30",{"date":208,"score":135,"percentile":209},"2025-12-01",0.95237,{"date":211,"score":135,"percentile":212},"2025-12-02",0.95235,{"date":214,"score":135,"percentile":209},"2025-12-03",{"date":216,"score":135,"percentile":201},"2025-12-04",{"date":218,"score":135,"percentile":219},"2025-12-05",0.95202,{"date":221,"score":135,"percentile":219},"2025-12-06",{"date":223,"score":135,"percentile":131},"2025-12-07",{"date":225,"score":135,"percentile":131},"2025-12-08",{"date":227,"score":135,"percentile":228},"2025-12-09",0.9521,{"date":230,"score":135,"percentile":231},"2025-12-10",0.95215,{"date":233,"score":234,"percentile":235},"2025-12-11",0.20671,0.95386,{"date":237,"score":234,"percentile":238},"2025-12-12",0.95388,{"date":240,"score":234,"percentile":241},"2025-12-13",0.95389,{"date":243,"score":234,"percentile":238},"2025-12-14",{"date":245,"score":234,"percentile":246},"2025-12-15",0.95391,{"date":248,"score":234,"percentile":249},"2025-12-16",0.95394,{"date":251,"score":234,"percentile":252},"2025-12-17",0.95396,{"date":254,"score":234,"percentile":255},"2025-12-18",0.95398,{"date":257,"score":234,"percentile":258},"2025-12-19",0.95399,{"date":260,"score":234,"percentile":258},"2025-12-20",{"date":262,"score":234,"percentile":263},"2025-12-21",0.954,{"date":265,"score":234,"percentile":263},"2025-12-22",{"date":267,"score":234,"percentile":263},"2025-12-23",{"date":269,"score":234,"percentile":270},"2025-12-24",0.95404,{"date":272,"score":234,"percentile":273},"2025-12-25",0.95407,{"date":275,"score":234,"percentile":276},"2025-12-26",0.95408,{"date":278,"score":279,"percentile":280},"2025-12-27",0.18113,0.94983,{"date":282,"score":234,"percentile":270},"2025-12-28",{"date":284,"score":234,"percentile":270},"2025-12-29",{"date":286,"score":234,"percentile":287},"2025-12-30",0.95405,{"date":289,"score":234,"percentile":276},"2025-12-31",{"date":291,"score":234,"percentile":292},"2026-01-01",0.95448,{"date":294,"score":234,"percentile":295},"2026-01-02",0.95444,{"date":297,"score":234,"percentile":298},"2026-01-03",0.95441,{"date":300,"score":234,"percentile":255},"2026-01-04",{"date":302,"score":234,"percentile":303},"2026-01-05",0.95395,{"date":305,"score":234,"percentile":252},"2026-01-06",{"date":307,"score":234,"percentile":252},"2026-01-07",{"date":309,"score":234,"percentile":258},"2026-01-08",{"date":311,"score":234,"percentile":312},"2026-01-09",0.95402,{"date":314,"score":234,"percentile":312},"2026-01-10",{"date":316,"score":234,"percentile":317},"2026-01-11",0.95401,{"date":319,"score":320,"percentile":321},"2026-01-12",0.27981,0.96305,{"date":323,"score":320,"percentile":324},"2026-01-13",0.96304,{"date":326,"score":320,"percentile":327},"2026-01-14",0.9631,{"date":329,"score":320,"percentile":330},"2026-01-15",0.96311,{"date":332,"score":320,"percentile":333},"2026-01-16",0.96313,{"date":335,"score":320,"percentile":336},"2026-01-17",0.96315,{"date":338,"score":320,"percentile":339},"2026-01-18",0.96317,{"date":341,"score":320,"percentile":339},"2026-01-19",{"date":343,"score":320,"percentile":344},"2026-01-20",0.96318,{"date":346,"score":320,"percentile":347},"2026-01-21",0.96319,{"date":349,"score":320,"percentile":350},"2026-01-22",0.96321,{"date":352,"score":320,"percentile":353},"2026-01-23",0.96325,{"date":355,"score":320,"percentile":356},"2026-01-24",0.96327,{"date":358,"score":320,"percentile":359},"2026-01-25",0.9633,{"date":361,"score":320,"percentile":359},"2026-01-26",{"date":363,"score":320,"percentile":364},"2026-01-27",0.96329,{"date":366,"score":320,"percentile":367},"2026-01-28",0.96331,{"date":369,"score":320,"percentile":367},"2026-01-29",{"date":371,"score":320,"percentile":367},"2026-01-30",{"date":373,"score":320,"percentile":374},"2026-01-31",0.96332,{"date":376,"score":320,"percentile":377},"2026-02-01",0.96361,[379,384],{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":380,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":381,"vectorString":97,"impactScore":382,"exploitabilityScore":383},"CRITICAL",8.7,10,{"source":102,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":385,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":381,"vectorString":97,"impactScore":382,"exploitabilityScore":383},[387,398],{"ecosystem":9,"name":388,"vendor":389,"product":390,"cpe_part":391,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":392},"debian linux","debian","debian_linux","o",[393,396],{"version":394,"is_range":90,"range_type":395,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"version":397,"is_range":90,"range_type":395,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":399,"vendor":399,"product":399,"cpe_part":400,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":401},"haproxy","a",[402,407,412,416,420,424],{"version":403,"is_range":404,"range_type":395,"version_start":9,"version_start_type":9,"version_end":405,"version_end_type":406,"fixed_in":9},"lt2.0.31",true,"2.0.31","excluding",{"version":408,"is_range":404,"range_type":395,"version_start":409,"version_start_type":410,"version_end":411,"version_end_type":406,"fixed_in":9},"gte2.1.0_lt2.2.29","2.1.0","including","2.2.29",{"version":413,"is_range":404,"range_type":395,"version_start":414,"version_start_type":410,"version_end":415,"version_end_type":406,"fixed_in":9},"gte2.3.0_lt2.4.22","2.3.0","2.4.22",{"version":417,"is_range":404,"range_type":395,"version_start":418,"version_start_type":410,"version_end":419,"version_end_type":406,"fixed_in":9},"gte2.5.0_lt2.5.12","2.5.0","2.5.12",{"version":421,"is_range":404,"range_type":395,"version_start":422,"version_start_type":410,"version_end":423,"version_end_type":406,"fixed_in":9},"gte2.6.0_lt2.6.9","2.6.0","2.6.9",{"version":425,"is_range":404,"range_type":395,"version_start":426,"version_start_type":410,"version_end":427,"version_end_type":406,"fixed_in":9},"gte2.7.0_lt2.7.3","2.7.0","2.7.3"]