GHSA-FG5Q-R2Q5-QMH3 Drupal CRLF injection vulnerability in the drupal_set_header function

CRLF injection vulnerability in the drupalsetheader function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP...

Drupal Core HTTP Header Injection Vulnerability

Drupal is a free and open source content management system developed in PHP. An HTTP header injection vulnerability exists in the Drupal Core 'drupalsetheader' function. An attacker can exploit the vulnerability to conduct HTTP header injection attacks...