All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. An attacker can insert \r\n (carriage return, line feed) characters to end the HTTP response headers and inject malicious content, such as additional headers or a new response body, leading to a potential XSS vulnerability.
History

Mon, 23 Sep 2024 19:30:00 +0000

Type: Metrics

Values Removed:

Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2023-09-29T05:00:04.105Z

Updated: 2024-09-23T18:38:45.605Z

Reserved: 2023-02-20T10:28:48.929Z

Link: CVE-2023-26147

Vulnrichment

Updated: 2024-08-02T11:39:06.642Z

NVD

Status: Modified

Published: 2023-09-29T05:15:46.630

Modified: 2024-11-21T07:50:52.570

Link: CVE-2023-26147

Redhat

No data.