Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 1:39 p.m.10 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS7AI score0.00463EPSS
Exploits0References7
OSV
OSV
added 2026/01/20 9:26 p.m.7 views

PSF-2026-6

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.4AI score0.00463EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3670

Name of the Vulnerable Software and Affected Versions affected versions not specified Description User-controlled header names and values containing newlines can allow injecting HTTP headers. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

7.5CVSS5.9AI score0.01525EPSS
Exploits1References191
RedhatCVE
RedhatCVE
added 2025/05/23 2:46 a.m.5 views

CVE-2023-30536

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

6.5CVSS6.8AI score0.00743EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/01/24 4:18 a.m.7 views

SUSE CVE-2023-30536

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

6.5CVSS6.8AI score0.00743EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/03/25 12:0 a.m.5 views

PT-2022-28159 · Guzzle +3 · Guzzlehttp/Psr7 +3

Name of the Vulnerable Software and Affected Versions: guzzlehttp/psr7 versions prior to 1.9.1 guzzlehttp/psr7 versions prior to 2.4.5 Description: The issue concerns improper header parsing, allowing an attacker to sneak in a newline into both the header names and values. Many servers will also...

9.8CVSS6AI score0.22699EPSS
Exploits27References153
Rows per page
Query Builder