Lucene search

[email protected]NVD:CVE-2020-24275

HistoryJul 20, 2023 - 8:15 p.m.

CVE-2020-24275

2023-07-2020:15:09

CWE-74

[email protected]

web.nvd.nist.gov

swoole

http

response header injection

vulnerability

cve-2020-24275

arbitrary code

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

JSON

A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.

Affected configurations

NVD

Node

swooleswooleMatch4.5.2

References

blog.cal1.cn/post/HTTP%20Response%20Header%20Injection%20in%20Swoole%3C%3D4.5.2

github.com/swoole/swoole-src/pull/3539

github.com/swoole/swoole-src/pull/3545

portswigger.net/kb/issues/00200200_http-response-header-injection

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for NVD:CVE-2020-24275

cve1 cvelist1 prion1 osv1