CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Pypiserver <1.2.5 - Carriage Return Line Feed Injection

Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI. id: CVE-2019-6802 info: name: Pypiserver 1.2.5 - Carriage Return Line Feed Injection author...

6.1CVSS6.4AI score0.0129EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-0108

Malware in sbrugna...

6.1CVSS6.1AI score0.0129EPSS

Exploits1References6

OSV•added 2019/01/30 8:56 p.m.•42 views

GHSA-MH24-7WVG-V88G CRLF Injection in pypiserver

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS6.1AI score0.0129EPSS

Exploits1References5

Github Security Blog•added 2019/01/30 8:56 p.m.•60 views

CRLF Injection in pypiserver

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS6.2AI score0.0129EPSS

Exploits1References5Affected Software1

Veracode•added 2019/01/28 2:45 a.m.•24 views

CRLF Injection

pypiserver is vulnerable to CRLF injection. A remote attacker is able to inject newline characters %0d%0a into the server response and create arbitrary HTTP headers or perform cross-site scripting attacks. This is due to unescaped values being passed from a client and used directly for redirects...

6.1CVSS6.2AI score0.0129EPSS

Exploits1References1Affected Software1

PyPA•added 2019/01/25 4:29 a.m.•4 views

PYSEC-2019-113

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS6.7AI score0.0129EPSS

Exploits1References2Affected Software1

NVD•added 2019/01/25 4:29 a.m.•17 views

CVE-2019-6802

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS6.2AI score0.0129EPSS

Exploits1References1

OSV•added 2019/01/25 4:29 a.m.•12 views

PYSEC-2019-43

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

4.4AI score

Exploits0References1

OSV•added 2019/01/25 4:29 a.m.•12 views

CVE-2019-6802

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS6.2AI score

Exploits0References1

Prion•added 2019/01/25 4:29 a.m.•13 views

Crlf injection

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

4.3CVSS6.2AI score0.0129EPSS

Exploits1References1Affected Software1

OSV•added 2019/01/25 4:29 a.m.•19 views

PYSEC-2019-113

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS4.4AI score0.0129EPSS

Exploits1References2

Cvelist•added 2019/01/25 4:0 a.m.•16 views

CVE-2019-6802

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.2AI score0.0129EPSS

Exploits1References1

CVE•added 2019/01/25 4:0 a.m.•192 views

CVE-2019-6802

CVE-2019-6802 affects pypiserver up to version 1.2.5, where an attacker can inject carriage return/line feed via a URI (%0d%0a) to set arbitrary HTTP headers and potentially trigger XSS. The root cause is CRLF injection in how certain inputs are handled, enabling header manipulation and possible ...

6.1CVSS6.1AI score0.0129EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by