Medium severity6.5NVD Advisory· Published Sep 12, 2023· Updated Jun 17, 2026
CVE-2023-26142
CVE-2023-26142
Description
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- crow/crowdescription
Patches
Vulnerability mechanics
References
2- gist.github.com/dellalibera/9247769cc90ed96c0d72ddbcba88c65cnvdExploitThird Party Advisory
- security.snyk.io/vuln/SNYK-UNMANAGED-CROW-5665556nvdThird Party Advisory
News mentions
0No linked articles in our index yet.