[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-40225":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":38,"downstream":39,"duplicates":72,"related":73,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":94,"kevs":126,"epss":127,"epss_history":130,"metrics":399,"affected":405},"CVE-2023-40225","HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_HAPROXY_HAPROXY","Haproxy","github","https://github.com/haproxy/haproxy/issues/181","poc",0.3,false,[],[],[],[40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70],{"_key":41},"SUSE-SU-2023:3490-1",{"_key":43},"SUSE-SU-2023:4646-1",{"_key":45},"UBUNTU-CVE-2023-40225",{"_key":47},"USN-6294-1",{"_key":49},"USN-6294-2",{"_key":51},"SUSE-SU-2023:3469-1",{"_key":53},"OPENSUSE-SU-2024:13116-1",{"_key":55},"DSA-5590-1",{"_key":57},"RHSA-2023:7606",{"_key":59},"RHSA-2024:0200",{"_key":61},"RHSA-2024:0308",{"_key":63},"RHSA-2024:1089",{"_key":65},"RHSA-2024:1142",{"_key":67},"RHSA-2023:7473",{"_key":69},"MGASA-2023-0320",{"_key":71},"DEBIAN-CVE-2023-40225",[],[74,75,76,77,78,79,81],{"_key":41},{"_key":43},{"_key":51},{"_key":53},{"_key":69},{"_key":80},"CGA-R7F8-P8JR-5WCC",{"_key":82},"CGA-54G5-XW2P-2XCH","2023-08-10T00:00:00.000Z","2024-10-09T20:14:29.797Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":85},"low",0.00091,"high",7.2,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",[95,103,108,113,117,121],{"url":96,"sources":97,"tags":99},"https://github.com/haproxy/haproxy/issues/2237",[98,92],"cve.org",[100,101,102],"Exploit","Issue Tracking","Vendor Advisory",{"url":104,"sources":105,"tags":106},"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856",[98,92],[107],"Patch",{"url":109,"sources":110,"tags":111},"https://www.haproxy.org/download/2.8/src/CHANGELOG",[98,92],[112],"Release Notes",{"url":114,"sources":115,"tags":116},"https://www.haproxy.org/download/2.7/src/CHANGELOG",[98,92],[112],{"url":118,"sources":119,"tags":120},"https://www.haproxy.org/download/2.6/src/CHANGELOG",[98,92],[112],{"url":122,"sources":123,"tags":124},"https://cwe.mitre.org/data/definitions/436.html",[98,92],[125],"Technical Description",[],{"date":128,"score":88,"percentile":129},"2026-06-04",0.2561,[131,135,138,141,144,147,150,153,156,159,162,165,168,171,174,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,311,314,317,320,322,325,328,331,334,337,340,342,345,348,350,353,356,360,363,366,369,372,375,378,381,384,387,390,393,396],{"date":132,"score":133,"percentile":134},"2025-11-04",0.00029,0.06989,{"date":136,"score":133,"percentile":137},"2025-11-05",0.0701,{"date":139,"score":133,"percentile":140},"2025-11-06",0.07127,{"date":142,"score":133,"percentile":143},"2025-11-07",0.0715,{"date":145,"score":133,"percentile":146},"2025-11-08",0.07145,{"date":148,"score":133,"percentile":149},"2025-11-09",0.07117,{"date":151,"score":133,"percentile":152},"2025-11-10",0.07083,{"date":154,"score":133,"percentile":155},"2025-11-11",0.07109,{"date":157,"score":133,"percentile":158},"2025-11-12",0.07101,{"date":160,"score":133,"percentile":161},"2025-11-13",0.07133,{"date":163,"score":133,"percentile":164},"2025-11-14",0.07172,{"date":166,"score":133,"percentile":167},"2025-11-15",0.07199,{"date":169,"score":133,"percentile":170},"2025-11-16",0.07209,{"date":172,"score":133,"percentile":173},"2025-11-17",0.07197,{"date":175,"score":176,"percentile":177},"2025-11-18",0.00018,0.02117,{"date":179,"score":176,"percentile":180},"2025-11-19",0.02145,{"date":182,"score":176,"percentile":183},"2025-11-20",0.02182,{"date":185,"score":133,"percentile":186},"2025-11-21",0.07317,{"date":188,"score":133,"percentile":189},"2025-11-22",0.0732,{"date":191,"score":133,"percentile":192},"2025-11-23",0.07315,{"date":194,"score":133,"percentile":195},"2025-11-24",0.07299,{"date":197,"score":133,"percentile":198},"2025-11-25",0.07306,{"date":200,"score":133,"percentile":201},"2025-11-26",0.07313,{"date":203,"score":133,"percentile":204},"2025-11-27",0.07314,{"date":206,"score":133,"percentile":207},"2025-11-28",0.07301,{"date":209,"score":133,"percentile":210},"2025-11-29",0.0734,{"date":212,"score":133,"percentile":213},"2025-11-30",0.07348,{"date":215,"score":133,"percentile":216},"2025-12-01",0.07387,{"date":218,"score":133,"percentile":219},"2025-12-02",0.07401,{"date":221,"score":133,"percentile":222},"2025-12-03",0.0742,{"date":224,"score":133,"percentile":225},"2025-12-04",0.074,{"date":227,"score":133,"percentile":228},"2025-12-05",0.07442,{"date":230,"score":133,"percentile":231},"2025-12-06",0.07456,{"date":233,"score":133,"percentile":231},"2025-12-07",{"date":235,"score":133,"percentile":236},"2025-12-08",0.07469,{"date":238,"score":133,"percentile":239},"2025-12-09",0.07522,{"date":241,"score":133,"percentile":242},"2025-12-10",0.0759,{"date":244,"score":133,"percentile":245},"2025-12-11",0.07634,{"date":247,"score":133,"percentile":248},"2025-12-12",0.07649,{"date":250,"score":133,"percentile":251},"2025-12-13",0.07619,{"date":253,"score":133,"percentile":254},"2025-12-14",0.07602,{"date":256,"score":133,"percentile":257},"2025-12-15",0.07546,{"date":259,"score":133,"percentile":260},"2025-12-16",0.07582,{"date":262,"score":133,"percentile":263},"2025-12-17",0.07669,{"date":265,"score":133,"percentile":266},"2025-12-18",0.07731,{"date":268,"score":133,"percentile":269},"2025-12-19",0.0772,{"date":271,"score":133,"percentile":272},"2025-12-20",0.0771,{"date":274,"score":133,"percentile":275},"2025-12-21",0.07691,{"date":277,"score":133,"percentile":278},"2025-12-22",0.07641,{"date":280,"score":133,"percentile":281},"2025-12-23",0.07623,{"date":283,"score":133,"percentile":284},"2025-12-24",0.07635,{"date":286,"score":133,"percentile":287},"2025-12-25",0.07714,{"date":289,"score":133,"percentile":290},"2025-12-26",0.07721,{"date":292,"score":133,"percentile":293},"2025-12-27",0.07709,{"date":295,"score":133,"percentile":296},"2025-12-28",0.07723,{"date":298,"score":133,"percentile":299},"2025-12-29",0.07703,{"date":301,"score":133,"percentile":302},"2025-12-30",0.07674,{"date":304,"score":133,"percentile":305},"2025-12-31",0.07706,{"date":307,"score":133,"percentile":308},"2026-01-01",0.07774,{"date":310,"score":133,"percentile":308},"2026-01-02",{"date":312,"score":133,"percentile":313},"2026-01-03",0.07779,{"date":315,"score":133,"percentile":316},"2026-01-04",0.07708,{"date":318,"score":133,"percentile":319},"2026-01-05",0.07658,{"date":321,"score":133,"percentile":248},"2026-01-06",{"date":323,"score":133,"percentile":324},"2026-01-07",0.07681,{"date":326,"score":133,"percentile":327},"2026-01-08",0.07756,{"date":329,"score":133,"percentile":330},"2026-01-09",0.07767,{"date":332,"score":133,"percentile":333},"2026-01-10",0.07789,{"date":335,"score":133,"percentile":336},"2026-01-11",0.07775,{"date":338,"score":133,"percentile":339},"2026-01-12",0.0775,{"date":341,"score":133,"percentile":296},"2026-01-13",{"date":343,"score":133,"percentile":344},"2026-01-14",0.07758,{"date":346,"score":133,"percentile":347},"2026-01-15",0.07755,{"date":349,"score":133,"percentile":308},"2026-01-16",{"date":351,"score":133,"percentile":352},"2026-01-17",0.07785,{"date":354,"score":133,"percentile":355},"2026-01-18",0.07766,{"date":357,"score":358,"percentile":359},"2026-01-19",0.00032,0.09066,{"date":361,"score":358,"percentile":362},"2026-01-20",0.09036,{"date":364,"score":358,"percentile":365},"2026-01-21",0.09006,{"date":367,"score":358,"percentile":368},"2026-01-22",0.08992,{"date":370,"score":358,"percentile":371},"2026-01-23",0.09085,{"date":373,"score":358,"percentile":374},"2026-01-24",0.09145,{"date":376,"score":358,"percentile":377},"2026-01-25",0.09073,{"date":379,"score":358,"percentile":380},"2026-01-26",0.09037,{"date":382,"score":358,"percentile":383},"2026-01-27",0.09022,{"date":385,"score":358,"percentile":386},"2026-01-28",0.09,{"date":388,"score":358,"percentile":389},"2026-01-29",0.08985,{"date":391,"score":358,"percentile":392},"2026-01-30",0.08993,{"date":394,"score":358,"percentile":395},"2026-01-31",0.08991,{"date":397,"score":358,"percentile":398},"2026-02-01",0.09017,[400],{"source":92,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":401,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":402,"vectorString":93,"impactScore":403,"exploitabilityScore":404},"HIGH",4.5,10,[406],{"ecosystem":9,"name":407,"vendor":407,"product":407,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":409},"haproxy","a",[410,416,420,424,429,433],{"version":411,"is_range":412,"range_type":413,"version_start":9,"version_start_type":9,"version_end":414,"version_end_type":415,"fixed_in":9},"lte2.0.32",true,"cpe","2.0.32","including",{"version":417,"is_range":412,"range_type":413,"version_start":418,"version_start_type":415,"version_end":419,"version_end_type":415,"fixed_in":9},"gte2.2.0_lte2.2.30","2.2.0","2.2.30",{"version":421,"is_range":412,"range_type":413,"version_start":422,"version_start_type":415,"version_end":423,"version_end_type":415,"fixed_in":9},"gte2.4.0_lte2.4.23","2.4.0","2.4.23",{"version":425,"is_range":412,"range_type":413,"version_start":426,"version_start_type":415,"version_end":427,"version_end_type":428,"fixed_in":9},"gte2.5.0_lt2.6.15","2.5.0","2.6.15","excluding",{"version":430,"is_range":412,"range_type":413,"version_start":431,"version_start_type":415,"version_end":432,"version_end_type":428,"fixed_in":9},"gte2.7.0_lt2.7.10","2.7.0","2.7.10",{"version":434,"is_range":412,"range_type":413,"version_start":435,"version_start_type":415,"version_end":436,"version_end_type":428,"fixed_in":9},"gte2.8.0_lt2.8.2","2.8.0","2.8.2"]