CVE-2023-0508

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-113
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.

Related Vulnerabilities

CVE-2024-42487

MEDIUM
CVSS:4.3(Medium)

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes...

CWE-1132024

CVE-2025-30221

MEDIUM
CVSS:4.3(Medium)

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitc...

CWE-1132025

CVE-2020-3117

MEDIUM
CVSS:4.7(Medium)

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to in...

CWE-1132020

CVE-2017-12309

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the ...

CWE-1132017

CVE-2017-17742

MEDIUM
CVSS:5.3(Medium)

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP...

CWE-1132017

CVE-2022-20772

MEDIUM
CVSS:5.3(Medium)

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulner...

CWE-1132022