CVE-2025-30221

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-113
View all →

Vulnerability Description

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available.

Related Vulnerabilities

CVE-2023-0508

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. O...

CWE-1132023

CVE-2024-42487

MEDIUM
CVSS:4.3(Medium)

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes...

CWE-1132024

CVE-2020-3117

MEDIUM
CVSS:4.7(Medium)

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to in...

CWE-1132020

CVE-2017-12309

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the ...

CWE-1132017

CVE-2017-17742

MEDIUM
CVSS:5.3(Medium)

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP...

CWE-1132017

CVE-2022-20772

MEDIUM
CVSS:5.3(Medium)

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulner...

CWE-1132022