25 matches found
CVE-2026-38967
CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...
CVE-2026-38967
CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...
CVE-2026-34767
Summary : Electron apps that register custom protocol handlers (protocol.handle()/protocol.registerSchemesAsPrivileged()) or use webRequest.onHeadersReceived can be vulnerable to HTTP response header injection when untrusted input is reflected into header names or values. Impact : injected header...
EUVD-2026-18933
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest...
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest
Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...
EUVD-2018-3384
Malware in sbrugna...
GHSA-PFQJ-W6R6-G86V Pitchfork HTTP Request/Response Splitting vulnerability
Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...
CVE-2025-30221
Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...
CVE-2025-30221 Pitchfork HTTP Request/Response Splitting vulnerability
Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...
Pitchfork HTTP Request/Response Splitting vulnerability
Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6649-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6649-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
Shopify: HTTP Response Header Injection in shopify/pitchfork + Rack 3
The HTTP response header injection vulnerability was discovered in the Pitchfork library version 0.10.0 when used with Rack 3. The issue stemmed from improper handling of header values containing newline characters in the appendheader method of the HTTP response module. When Rack 3 was used, the...
CVE-2020-24275
A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL...
CVE-2020-24275
A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL...
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...
CVE-2018-11347
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...
Design/Logic Flaw
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...
CVE-2018-11347
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...
CVE-2018-11347
The CVE-2018-11347 entry concerns the YunoHost web application (versions 2.7.2 through 2.7.14). Affected component/issue: HTTP Response Header Injection, enabling an attacker to inject one or more HTTP headers in server responses. Attack requirements: user interaction is needed (the attacker must...
Nextcloud: Response Header injection using redirect_uri together with PHP that utilizes Header Folding according to RFC1945 and Internet Explorer 11
Hi, I noticed that the redirecturi used to redirect users to any location on the page, passes in all data into a header"Location.. without any validation. The problem is that PHP current PHP-versions of Debian/Ubuntu, there seem to be a patch properly in place in other dists actually built the...