{"id":"JLSEC-2026-20","details":"Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.","modified":"2026-04-01T15:30:06.418369Z","published":"2026-04-01T15:14:44.989Z","upstream":["CVE-2022-31394"],"database_specific":{"sources":[{"published":"2023-02-21T14:15:13.363Z","id":"CVE-2022-31394","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31394","imported":"2026-03-31T15:20:15.741Z","modified":"2025-03-17T19:15:12.043Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-31394"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19"},{"type":"WEB","url":"https://github.com/hyperium/hyper/issues/2826"},{"type":"WEB","url":"https://github.com/hyperium/hyper/pull/2828"},{"type":"WEB","url":"https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19"},{"type":"WEB","url":"https://github.com/hyperium/hyper/issues/2826"},{"type":"WEB","url":"https://github.com/hyperium/hyper/pull/2828"}],"affected":[{"package":{"name":"hyper_jll","ecosystem":"Julia","purl":"pkg:julia/hyper_jll?uuid=a61b6c3d-25e5-5e83-9f29-3d6b98db101c"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.14.19+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-20.json"}}],"schema_version":"1.7.5"}