vulnrichment | Snyk | VULNRICHMENT:CVE-2023-26130
History: May 30, 2023 - 5:00 a.m.

CVE-2023-26130

2023-05-30 05:00:02
snyk
github.com
crlf injection
http requests
logical errors
misbehaviors
incomplete fix

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7 High (Confidence: High)

EPSS: 0.004 Low (Percentile: 74.5%)

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.

Note: This issue is present due to an incomplete fix for CVE-2020-11709.

CNA Affected

[
  {
    "product": "yhirose/cpp-httplib",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.12.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  }
]
