Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-26130

Опубликовано: 30 мая 2023
Источник: debian

Описание

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
cpp-httplibfixed0.11.4+ds-2package
cpp-httplibfixed0.11.4+ds-1+deb12u1bookwormpackage

Примечания

  • https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194

  • https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280

  • https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 (v0.12.4)

Связанные уязвимости

ubuntu логотип

CVE-2023-26130

CVSS3: 7.5
ubuntu
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

redhat логотип

CVE-2023-26130

CVSS3: 7.5
redhat
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

nvd логотип

CVE-2023-26130

CVSS3: 7.5
nvd
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

github логотип

GHSA-599g-p68q-2rxv

CVSS3: 7.5
github
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

fstec логотип

BDU:2023-03252

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость библиотеки cpp-httplib, связанная с неприятием мер по нейтрализации последовательностей CRLF, позволяющая нарушителю внедрить произвольные HTTP-заголовки