Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-26130

Опубликовано: 30 мая 2023
Источник: ubuntu
Приоритет: medium
CVSS3: 7.5

Описание

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due to an incomplete fix for CVE-2020-11709.

РелизСтатусПримечание
bionic

DNE

devel

not-affected

0.14.3+ds-1.1build2
esm-apps/jammy

needed

esm-apps/noble

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

needed

kinetic

ignored

end of life, was needed
lunar

ignored

end of life, was needed
mantic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-26130

CVSS3: 7.5
redhat
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

nvd логотип

CVE-2023-26130

CVSS3: 7.5
nvd
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

debian логотип

CVE-2023-26130

CVSS3: 7.5
debian
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...

github логотип

GHSA-599g-p68q-2rxv

CVSS3: 7.5
github
больше 2 лет назад

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

fstec логотип

BDU:2023-03252

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость библиотеки cpp-httplib, связанная с неприятием мер по нейтрализации последовательностей CRLF, позволяющая нарушителю внедрить произвольные HTTP-заголовки

7.5 High

CVSS3