16 matches found
EUVD-2024-3184
Malicious code in bioql PyPI...
CVE-2024-51501
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET. The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
Remote Code Execution (RCE)
umbraco.headless.client.net is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of an insecure Refit package, which allows an attacker to exploit the insecure Refit dependency...
GHSA-MGR7-5782-6JH9 The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package
Impact: The Heartcore headless client library depends on Refit to assist in making HTTP requests to Heartcore public APIs. Refit recently published an advisory regarding a CRLF injection vulnerability whereby it is possible for a malicious user to smuggle additional headers or potentially body...
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package
Impact: The Heartcore headless client library depends on Refit to assist in making HTTP requests to Heartcore public APIs. Refit recently published an advisory regarding a CRLF injection vulnerability whereby it is possible for a malicious user to smuggle additional headers or potentially body...
Carriage Return Line Feed (CRLF) Injection
Refit is vulnerable to Carriage Return Line Feed (CRLF) Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Summary: The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. Details: The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This method does not check for CRLF characters in the header valu...
GHSA-3HXG-FXWM-8GF7 CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Summary: The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. Details: The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This method does not check for CRLF characters in the header valu...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection due to header-related attributes: Header, HeaderCollection and Authorize, through the HttpHeaders.TryAddWithoutValidation method. An attacker can manipulate HTTP headers or perform HTTP request smuggling. Notes: 1 This is...
CVE-2024-51501
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET. The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
CVE-2024-51501 CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET. The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
CVE-2024-51501 CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET. The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
CVE-2024-51501
Refit (a .NET REST client) is vulnerable to CRLF injection via its header-related attributes (Header, HeaderCollection, Authorize). The underlying issue is lack of validation in HttpHeaders.TryAddWithoutValidation, which allows CRLF characters in header values, enabling header injection, request ...
CVE-2024-51501 CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET. The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
PT-2024-34666 · .Net · Refit
Name of the Vulnerable Software and Affected Versions: Refit versions prior to 7.2.22; Refit versions prior to 8.0.0. Description: The Refit library for .NET Core, Xamarin, and .NET has a CRLF injection vulnerability in its header-related attributes. This vulnerability occurs because the...
Refit injection vulnerability
Refit is an open source library from ReactiveUI. Refit suffers from an injection vulnerability that stems from failing to check for CRLF characters in the header value, making it vulnerable to server-side request forgery attacks...