
CVE-2023-26130

Published: 30/05/2023 Updated: 02/05/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Versions of the package yhirose/cpp-httplib prior to 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).
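One way a caller can guard against this on the application side is to validate the content-type value before handing it to the request calls named above. The sketch below is an added example, not code from cpp-httplib or from the advisory; all function names and the sample values are hypothetical, and the serializer only models how an unchecked value lands on the wire.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// RFC 9110 "tchar": bytes allowed in a media type's type and subtype tokens.
static bool is_tchar(unsigned char c) {
    if (c >= '0' && c <= '9') return true;
    if ((c | 0x20) >= 'a' && (c | 0x20) <= 'z') return true;
    return std::string("!#$%&'*+-.^_`|~").find(static_cast<char>(c)) != std::string::npos;
}

// A field value must not contain CR, LF, NUL or any other control byte
// (HTAB excepted); otherwise it can end the header line early.
bool is_safe_field_value(const std::string& v) {
    for (unsigned char c : v)
        if ((c < 0x20 && c != '\t') || c == 0x7f) return false;
    return true;
}

// Strict Content-Type check: type "/" subtype built from token characters,
// optionally followed by ";" parameters (parameters are only checked for control bytes).
bool is_valid_content_type(const std::string& v) {
    if (!is_safe_field_value(v)) return false;
    const std::string media = v.substr(0, v.find(';'));
    const std::size_t slash = media.find('/');
    if (slash == std::string::npos || slash == 0 || slash + 1 == media.size()) return false;
    for (std::size_t i = 0; i < media.size(); ++i)
        if (i != slash && !is_tchar(static_cast<unsigned char>(media[i]))) return false;
    return true;
}

// Naive serialization, modelling what an unchecked value does on the wire.
std::string serialize_header(const std::string& name, const std::string& value) {
    return name + ": " + value + "\r\n";
}

// Number of CRLF-terminated lines in a serialized header block.
std::size_t count_header_lines(const std::string& block) {
    std::size_t n = 0;
    for (std::size_t p = block.find("\r\n"); p != std::string::npos; p = block.find("\r\n", p + 2)) ++n;
    return n;
}

// Constructed sample values (not taken from the advisory).
const std::string kGood = "application/json; charset=utf-8";
const std::string kBad = "text/plain\r\nX-Constructed: 1";

int main() {
    std::cout << is_valid_content_type(kGood) << is_valid_content_type(kBad)
              << count_header_lines(serialize_header("Content-Type", kBad)) << "\n";
}
```

The check is deliberately stricter than the HTTP grammar: it rejects optional whitespace before `;`, which is a reasonable trade-off when the value comes from untrusted input.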


cpp-httplib project cpp-httplib

Vendor Advisories

Debian Bug report logs - #1037100 cpp-httplib: CVE-2023-26130 Package: src:cpp-httplib; Maintainer for src:cpp-httplib is Andrea Pappacoda <andrea@pappacoda.it>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 4 Jun 2023 19:15:01 UTC Severity: important Tags: security, upstream Found in version cpp ...

Description: The MITRE CVE dictionary describes this issue as: Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is ...