Medium severity5.3NVD Advisory· Published Sep 29, 2023· Updated Jun 17, 2026
CVE-2023-26147
CVE-2023-26147
Description
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- gist.github.com/dellalibera/2be265b56b7b3b00de1a777b9dec0c7bnvdExploitThird Party Advisory
- security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730768nvdThird Party Advisory
News mentions
0No linked articles in our index yet.