8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.5%
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.
gist.github.com/shouc/a9330df817128bc4c4132abf3de09495
github.com/yhirose/cpp-httplib/issues/425