Total
40 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35948 | 1 Nodejs | 1 Undici | 2023-01-18 | N/A | 5.3 MEDIUM |
undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet will perform two requests in a single `request` API call: 1) `http://localhost:3000/` 2) `http://localhost:3000/foo2` This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround. | |||||
CVE-2021-39172 | 1 Catchethq | 1 Catchet | 2022-12-13 | 6.5 MEDIUM | 8.8 HIGH |
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. | |||||
CVE-2022-31150 | 1 Nodejs | 1 Undici | 2022-09-15 | N/A | 6.5 MEDIUM |
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue. | |||||
CVE-2019-9740 | 1 Python | 1 Python | 2022-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | |||||
CVE-2019-9947 | 1 Python | 1 Python | 2022-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | |||||
CVE-2022-31014 | 1 Nextcloud | 1 Nextcloud Server | 2022-07-14 | 3.5 LOW | 3.5 LOW |
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue. | |||||
CVE-2022-0666 | 1 Microweber | 1 Microweber | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2021-4097 | 1 Phpservermonitor | 1 Php Server Monitor | 2021-12-15 | 5.8 MEDIUM | 5.4 MEDIUM |
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences | |||||
CVE-2014-9563 | 2 Atos, Unify | 8 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 55g and 5 more | 2021-09-09 | 4.0 MEDIUM | 4.9 MEDIUM |
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd. | |||||
CVE-2019-11236 | 1 Python | 1 Urllib3 | 2021-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | |||||
CVE-2016-4975 | 1 Apache | 1 Http Server | 2021-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). | |||||
CVE-2019-9741 | 4 Debian, Fedoraproject, Golang and 1 more | 5 Debian Linux, Fedora, Go and 2 more | 2021-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. | |||||
CVE-2018-19585 | 1 Gitlab | 1 Gitlab | 2020-12-24 | 5.0 MEDIUM | 7.5 HIGH |
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. | |||||
CVE-2020-11078 | 3 Debian, Fedoraproject, Httplib2 Project | 3 Debian Linux, Fedora, Httplib2 | 2020-08-19 | 4.3 MEDIUM | 6.8 MEDIUM |
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. | |||||
CVE-2018-12477 | 1 Opensuse | 1 Leap | 2019-10-09 | 6.4 MEDIUM | 7.5 HIGH |
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. | |||||
CVE-2017-7528 | 1 Redhat | 2 Ansible Tower, Cloudforms Management Engine | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback). | |||||
CVE-2017-18587 | 1 Hyper | 1 Hyper | 2019-09-03 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. | |||||
CVE-2016-10803 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | |||||
CVE-2018-6148 | 1 Google | 1 Chrome | 2019-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2018-1000164 | 2 Debian, Gunicorn | 2 Debian Linux, Gunicorn | 2019-06-19 | 5.0 MEDIUM | 7.5 HIGH |
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. |