CVE-2025-52479 HTTP.jl vulnerable to CR/LF Injection in URIs

HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers URIs. URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF characters. If user input was not otherwise...

PT-2025-26849 · Uris.Jl +1 · Uris.Jl +1

Name of the Vulnerable Software and Affected Versions: HTTP.jl versions prior to 1.10.17 URIs.jl versions prior to 1.6.0 Description: The issue allows the construction of URIs containing CR/LF characters, which can lead to a CRLF injection attack if user input is not properly escaped or protected...