All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2023-09-12T05:00:01.235Z
Updated: 2024-09-26T14:23:48.768Z
Reserved: 2023-02-20T10:28:48.928Z
Link: CVE-2023-26142
Vulnrichment
Updated: 2024-08-02T11:39:06.673Z
NVD
Status : Modified
Published: 2023-09-12T05:15:41.467
Modified: 2024-11-21T07:50:51.920
Link: CVE-2023-26142
Redhat
No data.