Lucene search

CVE-2023-0040

🗓️ 18 Jan 2023 19:11:15Reported by SwiftType

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to CRLF injection due to insufficient validation of HTTP header field values

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
GitLab Advisory Database	Async HTTP Client has CRLF Injection vulnerability in HTTP request headers	7 Jun 202300:00	–	gitlab
Vulnrichment	CVE-2023-0040	18 Jan 202300:00	–	vulnrichment
OSV	CVE-2023-0040	18 Jan 202319:15	–	osv
OSV	GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers	7 Jun 202315:52	–	osv
Cvelist	CVE-2023-0040	18 Jan 202300:00	–	cvelist
Prion	Crlf injection	18 Jan 202319:15	–	prion
NVD	CVE-2023-0040	18 Jan 202319:15	–	nvd
Github Security Blog	Async HTTP Client has CRLF Injection vulnerability in HTTP request headers	7 Jun 202315:52	–	github

Nvd

Node

asynchttpclient_project async-http-clientRange<1.4.1

asynchttpclient_project async-http-clientRange1.5.0–1.9.1

asynchttpclient_project async-http-clientRange1.10.0–1.12.1

asynchttpclient_project async-http-clientRange1.13.0–1.13.2

[
  {
    "vendor": "Swift Project",
    "product": "Async HTTP Client",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "1.13.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/swift-server/async-http-client/security/advisories/GHSA-v3r5-pjpm-mwgq

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Jan 2023 19:15Current

7.7High risk

Vulners AI Score7.7

CVSS37.5

EPSS0.00092

SSVC