PT-2025-23077 · Hackney · Hackney
Marcin Wyczechowski +2 · Published 2025-05-28 · Updated 2026-01-26 · CVE-2025-3864
CVSS v4.0: 2.3 (Low)
Vector: AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Hackney versions prior to 1.24.0
Description
The issue arises from Hackney's failure to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. This allows remote attackers to exhaust connection pools, resulting in denial of service in applications that use the library.
Recommendations
For versions prior to 1.24.0, update to version 1.24.0 to resolve the issue.
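To check whether a project still pins an affected release, the following added example (not part of the advisory or of Hackney itself) scans lockfile text for Hackney entries and compares them against 1.24.0. The lockfile layouts, the function names and the sample fragments are assumptions constructed for illustration.

```python
import re

FIXED = (1, 24, 0)  # first fixed Hackney release named in the advisory

# Lockfile shapes handled (assumed from common mix.lock / rebar.lock layouts).
HEX_PATTERNS = [
    re.compile(r'"hackney":\s*\{:hex,\s*:hackney,\s*"([^"]+)"'),   # mix.lock
    re.compile(r'\{pkg,\s*<<"hackney">>,\s*<<"([^"]+)">>'),        # rebar.lock
]
GIT_PATTERN = re.compile(r'"hackney":\s*\{:git,')  # pinned to a commit, no version

def parse_version(text):
    """Split '1.24.0-rc.1+build' into ((1, 24, 0), is_prerelease)."""
    core, _, _build = text.partition("+")
    numbers, dash, _pre = core.partition("-")
    parts = [int(p) for p in numbers.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3]), bool(dash)

def audit(lock_text):
    """Return [(version, status)] for every Hackney entry in a lockfile."""
    results = []
    for pattern in HEX_PATTERNS:
        for version in pattern.findall(lock_text):
            release, prerelease = parse_version(version)
            # Conservative assumption: a pre-release of 1.24.0 is treated as affected.
            affected = release < FIXED or (release == FIXED and prerelease)
            results.append((version, "vulnerable" if affected else "fixed"))
    if GIT_PATTERN.search(lock_text):
        results.append(("git", "unknown"))  # no version to compare; review the commit
    return results

# Constructed sample lockfile fragments (checksums replaced by placeholders).
MIX_LOCK_SAMPLE = r'''%{
  "hackney": {:hex, :hackney, "1.18.1", "<checksum>", [:rebar3], [], "hexpm", "<checksum>"},
}'''
REBAR_LOCK_SAMPLE = r'''{"1.2.0",
[{<<"hackney">>,{pkg,<<"hackney">>,<<"1.24.0">>},0}]}.'''

if __name__ == "__main__":
    for name, sample in [("mix.lock", MIX_LOCK_SAMPLE), ("rebar.lock", REBAR_LOCK_SAMPLE)]:
        for version, status in audit(sample):
            print(f"{name}: hackney {version} -> {status}")
```

Hackney is often pulled in transitively by other HTTP client libraries, so run the check against the resolved lockfile rather than the direct dependency list.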
Fix · DoS · Missing Release of Resource after Effective Lifetime
Affected Products
Hackney