
15 matches found

RedhatCVE
added 2026/01/15 5:22 p.m., 3 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, AI score 6.5, EPSS 0.00052
Exploits 0, References 1

NVD
added 2026/01/14 5:16 p.m., 2 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, EPSS 0.00052
Exploits 0, References 3

vulnersOsv
added 2026/01/14 4:52 p.m., 1 view

blacksheep-sqlalchemy (=0.0.3), shapelets-platform (>=2.0.40 <=2.2.5) +2 more potentially affected by CVE-2026-22779 via blacksheep (>=1.2.18 <=2.0.8)

blacksheep PYPI version =1.2.18, =2.0.40, =2.2.5 - shapelets-rec-server =0.1.0.dev1 - sheepcord =0.1.0 Source cves: CVE-2026-22779 Source advisory: OSV:GHSA-6PW3-H7XF-X4GP...

CVSS 6.3, AI score 5.8, EPSS 0.00052
Exploits 0

Github Security Blog
added 2026/01/14 4:52 p.m., 6 views

BlackSheep's ClientSession is vulnerable to CRLF injection

Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

CVSS 6.3, AI score 6.7, EPSS 0.00052
Exploits 0, References 5, Affected Software 1

OSV
added 2026/01/14 4:52 p.m., 1 view

GHSA-6PW3-H7XF-X4GP BlackSheep's ClientSession is vulnerable to CRLF injection

Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

CVSS 6.3, AI score 6.6, EPSS 0.00052
Exploits 0, References 5

Snyk
added 2026/01/14 4:52 p.m., 4 views

HTTP Response Splitting

Overview blacksheep is a Fast web framework for Python asyncio Affected versions of this package are vulnerable to HTTP Response Splitting via the Client implementation. An attacker can manipulate HTTP requests or inject additional headers by supplying specially input containing carriage return a...

CVSS 6.9, AI score 6.8, EPSS 0.00052
Exploits 0, References 3

OSV
added 2026/01/14 4:49 p.m., 2 views

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, AI score 6.5, EPSS 0.00052
Exploits 0, References 5

CVE
added 2026/01/14 4:49 p.m., 9 views

CVE-2026-22779

Summary of public details (CVE-2026-22779): BlackSheep, a Python asynchronous web framework, has a vulnerable HTTP Client implementation prior to version 2.4.6. The root cause is missing validation of headers, enabling CRLF injection that can modify existing HTTP requests or create new ones when...

CVSS 6.3, AI score 6.2, EPSS 0.00052
Exploits 0, References 3, Affected Software 1

ATTACKERKB
added 2026/01/14 4:49 p.m., 2 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, AI score 5.6, EPSS 0.00052
Exploits 0, References 4, Affected Software 1

Cvelist
added 2026/01/14 4:49 p.m., 19 views

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, EPSS 0.00052
Exploits 0, References 3

Vulnrichment
added 2026/01/14 4:49 p.m., 2 views

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, AI score 6.2, EPSS 0.00052
Exploits 0, References 3

EUVD
added 2026/01/14 4:49 p.m., 4 views

EUVD-2026-2451

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, AI score 6, EPSS 0.00052
Exploits 0, References 5

CNNVD
added 2026/01/14 12:00 a.m., 3 views

BlackSheep injection vulnerability

BlackSheep is an open source web application framework from Neoteroi. BlackSheep versions before 2.4.6 contain an injection vulnerability. The vulnerability stems from the lack of header validation in the HTTP client-side implementation, which could allow an attacker to modify the HTTP request or...

CVSS 6.3, AI score 6.9, EPSS 0.00052
Exploits 0, References 4

Positive Technologies
added 2026/01/14 12:00 a.m., 3 views

PT-2026-2972

Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

CVSS 6.3, AI score 6.8, EPSS 0.00052
Exploits 0, References 6

ThreatPost
added 2010/11/08 4:58 p.m., 7 views

BlackSheep Plugin Bites Back: Detecting FireSheep Hijack Attempts

With more than 600,000 copies of the FireSheep browser plug-in downloaded in a matter of weeks, Web security firm zScaler have released a new Firefox plug-in, BlackSheep, in hopes of combating attempts by those using FireSheep to try to hijack their Web session. The plug-in doesn’t protect users...

AI score 1.3
Exploits 0, References 5