6 matches found
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...
PSF-2026-6
User-controlled header names and values containing newlines can allow injecting HTTP headers...
PT-2026-3670
Name of the Vulnerable Software and Affected Versions affected versions not specified Description User-controlled header names and values containing newlines can allow injecting HTTP headers. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
CVE-2023-30536
slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...
SUSE CVE-2023-30536
slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...
PT-2022-28159 · Guzzle +3 · Guzzlehttp/Psr7 +3
Name of the Vulnerable Software and Affected Versions: guzzlehttp/psr7 versions prior to 1.9.1 guzzlehttp/psr7 versions prior to 2.4.5 Description: The issue concerns improper header parsing, allowing an attacker to sneak in a newline into both the header names and values. Many servers will also...