The vulnerability of the cpp-httplib library, related to its inability to handle CRLF sequences properly, allows attackers to inject arbitrary HTTP headers.

The vulnerability of the cpp-httplib library is related to its failure to address the issue of eliminating CRLF sequences in HTTP headers. Exploiting this vulnerability could allow an attacker to inject arbitrary HTTP headers remotely...

Fedora 38 : cpp-httplib (2023-0070b20b20)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0070b20b20 advisory. Update to https://github.com/yhirose/cpp-httplib/releases/tag/v0.12.5 Tenable has extracted the preceding description block directly from the Fedora security...

Fedora: Security Advisory for cpp-httplib (FEDORA-2023-0070b20b20)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...

SUSE CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

DEBIAN-CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

UBUNTU-CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

CVE-2023-26130

The CVE-2023-26130 issue affects yhirose/cpp-httplib

CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

CVE-2023-26130

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...

PT-2023-3153 · Yhirose · Cpp-Httplib

Name of the Vulnerable Software and Affected Versions: yhirose/cpp-httplib versions prior to 0.12.4 Description: The issue is related to the incomplete fix for a previous problem, which allows an attacker to inject arbitrary HTTP headers when untrusted user input is used to set the content-type...

cpp-httplib injection vulnerability

cpp-httplib is an HTTP/HTTPS server and client library written in C++. A security vulnerability exists in cpp-httplib version 0.5.8 and earlier, which stems from the program's failure to filter string-laden arguments passed to the 'setredirect' and 'setheader' functions. The vulnerability can be...

CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...

CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...

CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...

Crlf injection

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...

UBUNTU-CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...

CVE-2020-11709

The CVE-2020-11709 issue affects the cpp-httplib library prior to 0.12.4, where CRLF injection is possible because input is not filtered when setting the Content-Type header in HTTP requests created by Patch, Post, Put, or Delete. The vulnerability arises in untrusted input used to influence head...

CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...