Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 7:9 p.m.10 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 7:8 p.m.9 views

CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 7:8 p.m.31 views

CVE-2026-48598

The CVE-2026-48598 entry affects the Elixir Tesla library, specifically Tesla.Multipart.part_headers_for_disposition/1. The vulnerability arises from improper encoding of disposition parameters, treating each parameter as k="v" without sanitizing CR (\r), LF (\n), or double-quote characters. Mali...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 7:8 p.m.10 views

EEF-CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

Summary Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, ...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.8 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45841

Name of the Vulnerable Software and Affected Versions tesla versions 0.8.0 through 1.18.2 Description Improper encoding or escaping of output allows multipart part header injection through unescaped Content-Disposition parameter values. The function part headers for disposition interpolates...

2.1CVSS6AI score0.00143EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45839

Name of the Vulnerable Software and Affected Versions tesla versions 0.8.0 through 1.18.2 Description Improper Neutralization of CRLF Sequences in HTTP Headers, also known as HTTP Request/Response Splitting, allows HTTP header injection. The function add content type param/2 within the...

2.1CVSS6.1AI score0.0017EPSS
Exploits0References13
Rows per page
Query Builder