cpp-httplib through 0.5.8 does not filter \r\n in...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Apr 12, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Apr 4, 2024
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.
References