CVE-2023-26130
Summary
| CVE | CVE-2023-26130 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-30 05:15:00 UTC |
| Updated | 2023-11-07 04:09:00 UTC |
| Description | Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507). |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release Fix more CRLF injection problems · yhirose/cpp-httplib · GitHub | MISC | github.com | |
| [SECURITY] Fedora 38 Update: cpp-httplib-0.12.5-1.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| CRLF Injection in [email protected] · GitHub | MISC | gist.github.com | |
| CRLF Injection in yhirose/cpp-httplib \| CVE-2023-26130 \| Snyk | MISC | security.snyk.io | |
| Fix more CRLF injection problems. · yhirose/cpp-httplib@5b397d4 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 284078 Fedora Security Update for cpp (FEDORA-2023-0070b20b20)