How severe is CVE-2021-41084?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2021-41084?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2021-41084 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening.

Related Vulnerabilities

CVE-2017-16678

MEDIUM

CVSS:4.7(Medium)

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacke...

CWE-9182017

CVE-2024-10903

MEDIUM

CVSS:4.7(Medium)

The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisit...

CWE-9182024

CVE-2021-39051

MEDIUM

CVSS:4.8(Medium)

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could e...

CWE-9182021

CVE-2022-0132

MEDIUM

CVSS:4.8(Medium)

peertube is vulnerable to Server-Side Request Forgery (SSRF)

CWE-9182022

CVE-2024-3095

MEDIUM

CVSS:4.8(Medium)

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever d...

CWE-9182024

CVE-2024-35451

MEDIUM

CVSS:4.8(Medium)

LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.

CWE-9182024