How severe is CVE-2024-5193?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-5193?

This is classified as CWE-93, which is a common weakness in software security.

CVE-2024-5193 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic. Affected is an unknown function of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265830 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-18587

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.

CWE-932017

CVE-2018-12537

MEDIUM

CVSS:5.3(Medium)

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfilter...

CWE-932018

CVE-2023-26148

MEDIUM

CVSS:5.3(Medium)

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) character...

CWE-932023

CVE-2024-45597

MEDIUM

CVSS:5.3(Medium)

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitr...

CWE-932024

CVE-2023-23936

MEDIUM

CVSS:5.4(Medium)

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issu...

CWE-932023

CVE-2024-50405

MEDIUM

CVSS:5.5(Medium)

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote att...

CWE-932024