> A CVE wasn’t announced for an HTTP Request Smuggling vulnerability
Even before the acquisition of Anthropic, there had never been a single vulnerability report.
https://github.com/oven-sh/bun/security
Do not use this in production.