7 matches found

NVD
added 2026/03/12 9:16 p.m., 10 views

CVE-2026-1527

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6, EPSS 0.00256
Exploits: 0, References: 3
OSV
added 2026/03/12 9:16 p.m., 5 views

CVE-2026-1527

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6, AI score 5.9
Exploits: 0, References: 3
OSV
added 2026/03/12 9:16 p.m., 6 views

UBUNTU-CVE-2026-1527

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 2
Vulnrichment
added 2026/03/12 8:17 p.m., 6 views

CVE-2026-1527 undici is vulnerable to CRLF Injection via upgrade option

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 3
CVE
added 2026/03/12 8:17 p.m., 31 views

CVE-2026-1527

Undici (Node.js HTTP client) is vulnerable to a CRLF injection via the upgrade option in client.request() when user-controlled input is passed to the upgrade value. The root cause is that the upgrade value is written directly to the socket without validating header characters, allowing an attacke...

CVSS 4.6, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2026/03/12 12:0 a.m., 5 views

undici security vulnerability

Undici is an open-source HTTP/1.1 client developed by Node.js. There is a security vulnerability in Undici, which stems from the lack of validation of user input in the upgrade option. This vulnerability could allow attackers to inject CRLF sequences, thereby injecting arbitrary HTTP headers or...

CVSS 4.6, AI score 7, EPSS 0.00256
Exploits: 0, References: 4
Positive Technologies
added 2026/03/12 12:0 a.m., 4 views

PT-2026-25066

Name of the Vulnerable Software and Affected Versions: undici versions prior to 7.24.0 and prior to 6.24.0. Description: The issue arises when an application passes user-controlled input to the upgrade option of the client.request function. This allows an attacker to inject CRLF Carriage Return Line...

CVSS 4.6, AI score 6.8, EPSS 0.00256
Exploits: 0, References: 197