CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.