Lucene search
+L

3254 matches found

Snyk
Snyk
added 2026/04/10 8:8 p.m.10 views

HTTP Response Splitting

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary headers by...

9CVSS5.9AI score0.01815EPSS
Exploits5References2
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.4 views

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS6.6AI score0.04569EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.4 views

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS6.6AI score0.04569EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/08 12:17 a.m.6 views

HTTP Response Splitting

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the setCookie function. An attacker can cause runtime errors and potentially disrupt application behavior by supplying specially crafted input as the cookie...

6.9CVSS5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/03 11:26 p.m.6 views

SUSE CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

4.8CVSS5.7AI score0.00227EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 9:1 p.m.6 views

CVE-2026-26962

A flaw was found in Rack, a modular Ruby web server interface. Rack::Multipart::Parser incorrectly processes folded multipart part headers, failing to remove embedded carriage return and line feed CRLF characters. This can lead to applications that reuse these parsed values in HTTP response heade...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/03 2:37 a.m.3 views

HTTP Response Splitting

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to HTTP Response Splitting via the protocol.handle, protocol.registerSchemesAsPrivileged, or...

6.5CVSS6AI score0.00211EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 2:37 a.m.4 views

HTTP Response Splitting

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to HTTP Response Splitting via the protocol.handle, protocol.registerSchemesAsPrivileged, or webRequest.onHeadersReceived...

6.5CVSS6AI score0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 8:31 p.m.4 views

EUVD-2026-18417

Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/02 8:31 p.m.8 views

Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values

Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/02 8:31 p.m.6 views

GHSA-RX22-G9MX-QRHV Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values

Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

4.8CVSS5.9AI score0.00227EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/02 6:20 p.m.7 views

CRLF Injection

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.5CVSS6AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 6:16 p.m.5 views

CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

6.5CVSS0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 6:16 p.m.1 views

DEBIAN-CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

6.5CVSS5.3AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/02 5:57 p.m.3 views

CVE-2026-34715 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:57 p.m.5 views

CVE-2026-34715

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

5.3CVSS5.5AI score0.00327EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/02 5:57 p.m.23 views

CVE-2026-34715 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

5.3CVSS0.00327EPSS
Exploits1References3
CVE
CVE
added 2026/04/02 5:57 p.m.29 views

CVE-2026-34715

Vulnerability: ewe (Gleam web server) prior to 3.0.6 allows HTTP header injection via encode_headers in src/ewe/internal/encoder.gleam. The function directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF sequences, so user-controlled data (e...

5.3CVSS5.5AI score0.00327EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/02 5:57 p.m.3 views

CVE-2026-34715 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:10 p.m.4 views

CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

4.8CVSS5.7AI score0.00227EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder