Description
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.
References
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 0.11.7 (exclusive)
cpe:2.3:a:encode:uvicorn:*:*:*:*:*:*:*:*
EPSS: 0.003 (Low), percentile: 53%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-74
Related vulnerabilities
CVSS3: 5.3
ubuntu
more than 5 years ago
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.
CVSS3: 5.3
debian
more than 5 years ago
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ...