Moderate severity · NVD Advisory · Published Dec 6, 2019 · Updated Aug 5, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
CVE-2019-16771
Description
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, cross-site scripting (XSS), and page hijacking.
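The mechanism described above, as an added example that is not Armeria code or its patch: a header serializer that writes values verbatim, next to a check that rejects CR, LF and NUL before a value reaches the wire. The class and method names and the sample input are hypothetical and constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not Armeria code. All names here are hypothetical.
public class HeaderSplittingDemo {
    // Naive HTTP/1.1 serializer: values are written verbatim, so a CR/LF
    // inside a value ends the current header line early.
    static String serialize(Map<String, String> headers) {
        StringBuilder sb = new StringBuilder("HTTP/1.1 302 Found\r\n");
        headers.forEach((k, v) -> sb.append(k).append(": ").append(v).append("\r\n"));
        return sb.append("\r\n").toString();
    }

    // Hardened path: reject CR, LF and NUL instead of stripping them, so the
    // caller learns that the input was malformed.
    static String requireSafeValue(String name, String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') {
                throw new IllegalArgumentException(
                        "prohibited character 0x" + Integer.toHexString(c)
                        + " at index " + i + " in value of header '" + name + "'");
            }
        }
        return value;
    }

    // Counts the header lines a downstream parser sees (status line excluded).
    static int headerLineCount(String response) {
        String head = response.substring(0, response.indexOf("\r\n\r\n"));
        return head.split("\r\n").length - 1;
    }

    public static void main(String[] args) {
        // Constructed sample: untrusted request data copied into Location.
        String untrusted = "/home\r\nX-Injected: constructed-value";
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Location", untrusted);
        // The application set one header, but the peer parses two.
        System.out.println("header lines on the wire: " + headerLineCount(serialize(headers)));
        try {
            headers.put("Location", requireSafeValue("Location", untrusted));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```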
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.linecorp.armeria:armeria (Maven) | >= 0.50.0, < 0.97.0 | 0.97.0 |
References
- github.com/advisories/GHSA-24r8-fm9r-cpj2 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-16771 (ghsa; ADVISORY)
- github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20 (ghsa, x_refsource_MISC; WEB)
- github.com/line/armeria/security/advisories/GHSA-24r8-fm9r-cpj2 (ghsa; WEB)
- github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86 (ghsa, x_refsource_CONFIRM; WEB)