Http4s · CVE-2023-22465
**Name of the Vulnerable Software and Affected Versions**
Http4s versions 0.1.0 through 0.21.33
Http4s versions 0.22.0 through 0.22.14
Http4s versions 0.23.0 through 0.23.16
Http4s versions 1.0.0-M0 through 1.0.0-M37
**Description**
The `User-Agent` and `Server` header parsers in Http4s are susceptible to a fatal error on certain inputs. Because Http4s parses modeled headers lazily, the issue affects only services that explicitly request these typed headers.
**Recommendations**
For Http4s versions 0.1.0 through 0.21.33, update to version 0.21.34 or later.
For Http4s versions 0.22.0 through 0.22.14, update to version 0.22.15 or later.
For Http4s versions 0.23.0 through 0.23.16, update to version 0.23.17 or later.
For Http4s versions 1.0.0-M0 through 1.0.0-M37, update to version 1.0.0-M38 or later.
As a temporary workaround for all affected versions, consider using the weakly typed header interface instead of requesting the typed `User-Agent` and `Server` headers, to minimize the risk of exploitation.
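To check a build against the version ranges listed above, the following added example (not part of the original advisory or the Http4s project) scans sbt dependency lines and reports the release to upgrade to. It assumes every `org.http4s` artifact carries the Http4s version and that versions are written as literals; the function names and the sample build text are constructed for illustration.

```python
import re

# (first affected, last affected, first fixed), copied from the advisory above.
AFFECTED_RANGES = [
    ("0.1.0", "0.21.33", "0.21.34"),
    ("0.22.0", "0.22.14", "0.22.15"),
    ("0.23.0", "0.23.16", "0.23.17"),
    ("1.0.0-M0", "1.0.0-M37", "1.0.0-M38"),
]

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
# Literal sbt coordinates only, e.g. "org.http4s" %% "http4s-dsl" % "0.23.16".
# Versions held in a val (% http4sVersion) are not resolved here.
_SBT_DEP = re.compile(r'"org\.http4s"\s*%%?\s*"([^"]+)"\s*%\s*"([^"]+)"')

def parse_version(text):
    """Return a sortable tuple; a milestone (-Mn) sorts before its final release."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, milestone = m.groups()
    rank = int(milestone) if milestone is not None else float("inf")
    return (int(major), int(minor), int(patch), rank)

def fixed_version_for(version):
    """Return the first fixed release if `version` is in a listed range, else None."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return fixed
    return None

def audit_sbt(build_text):
    """Return (artifact, version, upgrade_to) for each flagged org.http4s dependency."""
    findings = []
    for artifact, version in _SBT_DEP.findall(build_text):
        try:
            fixed = fixed_version_for(version)
        except ValueError:
            fixed = "review manually"  # RC/SNAPSHOT etc.: do not skip silently
        if fixed is not None:
            findings.append((artifact, version, fixed))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE_BUILD = '''
  "org.http4s" %% "http4s-dsl"          % "0.23.16",
  "org.http4s" %% "http4s-ember-server" % "0.23.17",
  "org.http4s" %% "http4s-circe"        % "1.0.0-M37",
'''
```

Calling `audit_sbt(SAMPLE_BUILD)` flags the `http4s-dsl` and `http4s-circe` entries and leaves the already-fixed `0.23.17` dependency out of the findings.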