9 matches found
CVE-2023-26137
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and...
CVE-2021-35397
A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by...
CVE-2023-26138
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent...
Drogon Injection Vulnerability
Drogon is an open source HTTP application framework based on C++14/17. Drogon can be used to easily build various types of web application server programs using C++. A security vulnerability exists in Drogon that stems from a CRLF injection issue that allows an attacker to add \r\n characters and...
Drogon Environmental Issue Vulnerability
Drogon is an open source HTTP application framework based on C++14/17. Drogon can be used to easily build various types of web application server programs using C++. Drogon is vulnerable to an environmental issue that stems from an HTTP response splitting problem that allows an attacker to add th...
PT-2023-20515 · Drogon · Drogon
Name of the Vulnerable Software and Affected Versions: drogonframework/drogon affected versions not specified Description: The issue arises when untrusted user input is used to build header values in the addHeader and addCookie functions, allowing an attacker to inject malicious content by adding...
PT-2023-20516 · Unknown · Drogonframework/Drogon
Name of the Vulnerable Software and Affected Versions: drogonframework/drogon versions prior to the fixed version Description: The issue arises when untrusted user input is used to set request headers in the addHeader function, allowing an attacker to inject additional headers by adding r carriag...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent. Remediation There i...
Drogon Security Feature Issue Vulnerability
Drogon is an open source HTTP application framework based on C++14/17. Drogon can be used to easily build various types of web application server programs using C++. A security vulnerability exists in Drogon 1.8.1 and earlier versions that stems from an unknown feature of the Session Hash componen...