Description
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add \r\n (carriage return and line feed) characters to end the HTTP response headers and inject malicious content.
References
- Exploit
- Third Party Advisory
- Exploit
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:drogon:drogon:*:*:*:*:*:*:*:*
EPSS
Percentile: 27%
0.00098
Low
7.2 High
CVSS3
6.1 Medium
CVSS3
Weaknesses
CWE-113
CWE-444
Related vulnerabilities
CVSS3: 7.2
github
more than 2 years ago
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add \r\n (carriage return and line feed) characters to end the HTTP response headers and inject malicious content.