Lucene search

[email protected]NVD:CVE-2023-26138

HistoryJul 06, 2023 - 5:15 a.m.

CVE-2023-26138

2023-07-0605:15:09

CWE-74

CWE-93

[email protected]

web.nvd.nist.gov

crlf injection

untrusted user input

request headers

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

19.6%

JSON

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.

Affected configurations

NVD

Node

drogondrogon

References

gist.github.com/dellalibera/d2abd809f32ec6c61be1f41d80edf61b

security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-5665555

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

19.6%

JSON

Related for NVD:CVE-2023-26138

cve1 prion1 cvelist1