Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.
**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).
References
Configurations
History
28 Oct 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 |
02 May 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jun 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jun 2023, 15:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
First Time |
Cpp-httplib Project cpp-httplib
Cpp-httplib Project |
|
References | (MISC) https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 - Patch | |
References | (MISC) https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194 - Third Party Advisory | |
References | (MISC) https://github.com/yhirose/cpp-httplib/releases/tag/v0.12.4 - Release Notes | |
References | (MISC) https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:cpp-httplib_project:cpp-httplib:*:*:*:*:*:*:*:* |
30 May 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 05:15
Updated : 2024-10-28 20:35
NVD link : CVE-2023-26130
Mitre link : CVE-2023-26130
CVE.ORG link : CVE-2023-26130
JSON object : View
Products Affected
cpp-httplib_project
- cpp-httplib