Description
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response.
Vulnerable configurations
Configuration 1: versions from 3.0.0 (inclusive) to 3.5.1 (inclusive)
cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*
EPSS: 0.01089 (Low), percentile: 78%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-93
CWE-20
Related vulnerabilities
CVSS3: 5.3
redhat
more than 7 years ago
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response.
github
more than 7 years ago
Moderate severity vulnerability that affects io.vertx:vertx-core