All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2023-09-12T05:00:01.235Z
Updated: 2024-08-02T11:39:06.673Z
Reserved: 2023-02-20T10:28:48.928Z
Link: CVE-2023-26142
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-12T05:15:41.467
Modified: 2023-11-07T04:09:27.440
Link: CVE-2023-26142
Redhat
No data.