12 matches found
CVE-2026-43968
A flaw was found in cowlib. An Improper Neutralization of CRLF Sequences Carriage Return Line Feed Injection vulnerability allows a remote attacker to inject bare carriage return characters into Server-Sent Events SSE fields. This enables event splitting and injection of arbitrary event types and...
CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
...
GHSA-HV23-4QP7-8C8R ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
EUVD-2026-29192
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
CVE-2026-43968
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
CVE-2026-43968
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
CVE-2026-43968
CVE-2026-43968 involves an CRLF injection in ninenines/cowlib, triggered by the SSE encoding path cow_sse:event/1. The root cause is improper neutralization of CRLF sequences: while id and event fields guard against \n, bare \r is not sanitized, and prefix_lines/2 used for data and comment fields...
CVE-2026-43968
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
EEF-CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2...
PT-2026-39726
Name of the Vulnerable Software and Affected Versions cowlib versions 2.6.0 and later Description Improper Neutralization of CRLF Sequences CRLF Injection allows SSE event splitting and injection through unvalidated field values. The cow sse:event/1 function guards the id and event fields against...