EUVD-2025-16328

ID: EUVD-2025-16328

Severity: low

CVSS v4: 2.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release.

Timestamps

Normalized: 2026-01-26T23:42:47Z UTC
Last updated: 2026-01-26T23:42:47Z UTC

References

No references provided.

VulnAI

EUVD-2025-16328

Description

Timestamps

References