pkg:npm/h3

所有已知漏洞

• HIGH8.9CVE-2026-23527h3 v1 has Request Smuggling (TE.TE) issue
  from 0, < 1.15.5
• HIGH7.5CVE-2026-33128h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields
  >= 2.0.0, < 2.0.1-rc.15
• HIGH7.4CVE-2026-33131h3 has a middleware bypass with one gadget
  >= 2.0.0-0, < 2.0.1-rc.15
• MEDIUM5.9CVE-2026-33129h3 has an observable timing discrepancy in basic auth utils
  >= 2.0.0-beta.0, < 2.0.1-rc.9
• LOW3.7CVE-2026-33490h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes
  >= 2.0.1-alpha.0, < 2.0.1-rc.17