Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct “poisoned NUL byte attack.”
[
{
"product": "chicken",
"vendor": "chicken",
"versions": [
{
"status": "affected",
"version": "before 4.8.0"
}
]
}
]