All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2023-09-29T05:00:03.203Z
Updated: 2024-09-23T18:39:31.832Z
Reserved: 2023-02-20T10:28:48.929Z
Link: CVE-2023-26148
Vulnrichment
Updated: 2024-08-02T11:39:06.603Z
NVD
Status : Modified
Published: 2023-09-29T05:15:46.693
Modified: 2024-11-21T07:50:52.700
Link: CVE-2023-26148
Redhat
No data.