825 matches found
CHIYU TCP/IP Converter - Carriage Return Line Feed Injection
CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized...
EUVD-2026-31687
Hackney has CR/LF injection in query parameter...
CVE-2026-28898
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
EUVD-2026-39533
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
CVE-2026-28898
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
ROS-20260624-73-0033
The vulnerability in Netty is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to inject arbitrary HTTP headers...
DEBIAN-CVE-2026-0864
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-0864
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
PSF-2026-29
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-0864
The CVE-2026-0864 entry concerns Python’s configparser.write() and how it handles multi-line text values containing carriage return characters. The vulnerability arises when attacker-controlled values are written, potentially allowing injection of unexpected keys and values into the resulting con...
CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-55766
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...
CVE-2026-50269 AIOHTTP: CRLF injection in multipart headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...
Astra Linux – Vulnerability in python-urllib3
In the urllib3 library, as of version 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameters...
Astra Linux – Vulnerability in Shadow
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...
PT-2026-50735
Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 3.0.4 through 3.0.6 http-proxy-middleware versions prior to 4.1.1 Description An issue exists in the fixRequestBody helper function when the outgoing Content-Type is set to multipart/form-data. The function uses...
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
GHSA-268H-HP4C-CRQ3 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection
Summary Nodemailer constructs List- headers from the caller-provided list message option using internally prepared header values. The list..comment field is inserted into those prepared values without removing CR \r or LF \n characters. Because prepared headers bypass the normal header-value...
GHSA-HMW2-7CC7-3QXX form-data: CRLF injection in form-data via unescaped multipart field names and filenames
Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...