Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.
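An application-side guard against the condition described above, written as an added example and not taken from Uvicorn or from this advisory: an ASGI middleware that validates response header names and values before they reach the server. The names `HeaderGuard`, `check_header` and `demo`, the `x-request-tag` header and the sample inputs are assumptions made for illustration.

```python
import asyncio
import re

# RFC 7230 token characters for field names; values may hold HTAB but no other controls.
_NAME_OK = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_VALUE_BAD = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")


def check_header(name: bytes, value: bytes) -> None:
    """Raise ValueError if a header name or value could alter response framing."""
    if not _NAME_OK.fullmatch(name):
        raise ValueError(f"invalid header name: {name!r}")
    if _VALUE_BAD.search(value):
        raise ValueError(f"control character in value of header {name!r}")


class HeaderGuard:
    """ASGI middleware (hypothetical name) that validates headers before they are sent."""

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        async def guarded_send(message):
            if message["type"] == "http.response.start":
                for name, value in message.get("headers", []):
                    check_header(name, value)
            await send(message)

        await self.app(scope, receive, guarded_send if scope["type"] == "http" else send)


def demo(tag: bytes):
    """Run a constructed app that copies `tag` into a header; return (sent, error)."""
    async def app(scope, receive, send):
        await send({"type": "http.response.start", "status": 200,
                    "headers": [(b"x-request-tag", tag)]})
        await send({"type": "http.response.body", "body": b"ok"})

    sent = []

    async def send(message):
        sent.append(message)

    try:
        asyncio.run(HeaderGuard(app)({"type": "http"}, None, send))
        return sent, None
    except ValueError as exc:
        return sent, str(exc)
```

The guard fails closed: a rejected header raises before any part of the response is handed to the server, so the request ends in an error rather than a response with attacker-influenced framing.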
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2020-07-27T11:25:16.789872Z
Updated: 2024-09-17T00:06:47.000Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7695
Vulnrichment
No data.
NVD
Status: Modified
Published: 2020-07-27T12:15:11.993
Modified: 2024-11-21T05:37:37.720
Link: CVE-2020-7695
Redhat
No data.