35 matches found
EUVD-2021-22040
Malware in sbrugna...
EUVD-2022-43292
Malicious code in bioql PyPI...
CVE-2023-26137
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and...
CVE-2023-26138
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent...
CVE-2022-3959
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version...
CVE-2021-35397
A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by...
CVE-2023-26138
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent...
CVE-2023-26137
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and...
CVE-2023-26137
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and...
Design/Logic Flaw
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and...
CVE-2023-26138
The CVE-2023-26138 entry concerns drogonframework/drogon with a CRLF Injection vulnerability in the addHeader function. Untrusted user input used to set request headers can insert \r\n characters, enabling injection of additional headers into outgoing requests. Several sources (NVD, Red Hat, PRio...
Drogon Environmental Issue Vulnerability
Drogon is an open source HTTP application framework based on C++14/17. Drogon can be used to easily build various types of web application server programs using C++. Drogon is vulnerable to an environmental issue that stems from an HTTP response splitting problem that allows an attacker to add th...
Drogon Injection Vulnerability
Drogon is an open source HTTP application framework based on C++14/17. Drogon can be used to easily build various types of web application server programs using C++. A security vulnerability exists in Drogon that stems from a CRLF injection issue that allows an attacker to add \r\n characters and...
PT-2023-20515 · Drogon · Drogon
Name of the Vulnerable Software and Affected Versions: drogonframework/drogon (affected versions not specified). Description: The issue arises when untrusted user input is used to build header values in the addHeader and addCookie functions, allowing an attacker to inject malicious content by adding...
PT-2023-20516 · Unknown · Drogonframework/Drogon
Name of the Vulnerable Software and Affected Versions: drogonframework/drogon (versions prior to the fixed version). Description: The issue arises when untrusted user input is used to set request headers in the addHeader function, allowing an attacker to inject additional headers by adding \r\n carriag...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent. Remediation: There i...
HTTP Response Splitting
Overview: Affected versions of this package are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and inject...
CVE-2022-3959
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version...
CVE-2022-3959
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version...