CVE-2023-26138

CVSS v3 Score: 4.3 (Medium)

Vulnerability Description

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers via the addHeader function. An attacker can include the \r\n (carriage return and line feed) characters in a header value and thereby inject additional headers into the request that is sent.
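The defence for this class of bug is to validate header names and values before they are written into the wire format. The following is an added, standalone example (not drogon's own code; the SafeHeaders class and its addHeader method are hypothetical names chosen here) that shows an unchecked serializer beside a checked one which rejects any value containing CR, LF or NUL:

```cpp
#include <cctype>
#include <map>
#include <string>

// Returns true when the value contains no CR, LF or NUL byte, the characters
// that would let a caller terminate the current header line and start another.
bool isSafeHeaderValue(const std::string& value) {
    for (unsigned char c : value) {
        if (c == '\r' || c == '\n' || c == '\0') return false;
    }
    return true;
}

// Header field names must be RFC 7230 "tokens": alphanumerics plus a small
// set of punctuation. Anything else (spaces, colons, control bytes) is rejected.
bool isValidHeaderName(const std::string& name) {
    if (name.empty()) return false;
    static const std::string tcharExtra = "!#$%&'*+-.^_`|~";
    for (unsigned char c : name) {
        if (!std::isalnum(c) && tcharExtra.find(static_cast<char>(c)) == std::string::npos) {
            return false;
        }
    }
    return true;
}

// The vulnerable pattern: the value is copied into the header block verbatim,
// so an embedded "\r\n" yields an extra header line on the wire.
std::string serializeUnchecked(const std::string& name, const std::string& value) {
    return name + ": " + value + "\r\n";
}

// Counts complete "\r\n"-terminated lines in a header block; a single header
// should produce exactly one.
std::size_t countHeaderLines(const std::string& block) {
    std::size_t count = 0;
    for (std::size_t pos = block.find("\r\n"); pos != std::string::npos;
         pos = block.find("\r\n", pos + 2)) {
        ++count;
    }
    return count;
}

// Hypothetical hardened container: addHeader refuses unsafe input instead of
// forwarding it, and serialize() only ever emits validated pairs.
class SafeHeaders {
public:
    bool addHeader(const std::string& name, const std::string& value) {
        if (!isValidHeaderName(name) || !isSafeHeaderValue(value)) return false;
        headers_[name] = value;
        return true;
    }
    std::string serialize() const {
        std::string out;
        for (const auto& kv : headers_) out += kv.first + ": " + kv.second + "\r\n";
        return out;
    }
    std::size_t size() const { return headers_.size(); }
private:
    std::map<std::string, std::string> headers_;
};

// Constructed sample input: an attacker-controlled value carrying a CRLF.
const std::string kInjectedValue = "en-US\r\nX-Injected: 1";

// Returns how many header lines the unchecked path produces for the sample
// (expected: 2, i.e. one injected header).
std::size_t linesFromUncheckedSample() {
    return countHeaderLines(serializeUnchecked("Accept-Language", kInjectedValue));
}

// Returns how many headers the checked path stores for the sample (expected: 0).
std::size_t headersFromCheckedSample() {
    SafeHeaders h;
    h.addHeader("Accept-Language", kInjectedValue);
    return h.size();
}
```

Rejecting the call outright (rather than silently stripping CR/LF) is deliberate: it surfaces the bad input to the caller and avoids producing a header whose value differs from what the application believed it set.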

CVSS: 4.3 (Medium)

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.

CWE-93, 2019

CVSS: 4.7 (Medium)

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service...

CWE-93, 2020

CVSS: 4.7 (Medium)

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker...

CWE-93, 2020

CVSS: 4.9 (Medium)

CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users...

CWE-93, 2014

CVSS: 5.3 (Medium)

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.

CWE-93, 2017

CVSS: 5.3 (Medium)

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfilter...

CWE-93, 2018