How severe is CVE-2023-30536?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-30536?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2023-30536

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-436

View all →

Vulnerability Description

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote service’s web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade.

CVE-2019-5892

MEDIUM

CVSS:6.5(Medium)

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for...

CWE-4362019

CVE-2022-0011

MEDIUM

CVSS:6.5(Medium)

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL categ...

CWE-4362022

CVE-2022-29254

MEDIUM

CVSS:6.5(Medium)

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), i...

CWE-4362022

CVE-2023-29406

MEDIUM

CVSS:6.5(Medium)

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses t...

CWE-4362023

CVE-2024-24753

MEDIUM

CVSS:6.5(Medium)

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two head...

CWE-4362024

CVE-2023-39481

MEDIUM

CVSS:6.6(Medium)

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing...

CWE-4362023

CVE-2023-30536

Vulnerability Description

Related Vulnerabilities

CVE-2019-5892

CVE-2022-0011

CVE-2022-29254

CVE-2023-29406

CVE-2024-24753

CVE-2023-39481