Informazioni sul CVE-2023-0040

N/A

CWE ID: CWE-93

Base Score (CVSS): N/A

CVE: CVE-2023-0040

Descrizione: Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header field values without prior sanitisation. Common use-cases here might be to place usernames from a database into HTTP header fields. This vulnerability allows attackers to inject new HTTP header fields, or entirely new requests, into the data stream. This can cause requests to be understood very differently by the remote server than was intended. In general, this is unlikely to result in data disclosure, but it can result in a number of logical errors and other misbehaviours.

Vettore di attacco

Punteggio CVSS

Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.

Punteggio Base (calcolato da AziendaSicura): 0.0 (None)

Riassunto: .

Dettaglio del Vettore

Metrica	Valore	Significato	Descrizione

Riferimenti esterni

https://github.com/swift-server/async-http-client/security/advisories/GHSA-v3r5-pjpm-mwgq

Prodotti interessati

Swift Project – Async HTTP Client

Relazioni con altri prodotti

Produttore:Swift Project
Prodotto: Async HTTP Client
Anno: 2023
CWE: CWE-93
CVSS: 0.0