VYPR

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Base · Draft

Description

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-15 · CAPEC-81

CVEs mapped to this weakness (143)

  • CVE-2025-8419 · Aug 6, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very…

  • CVE-2025-27111 · Mar 4, 2025
    risk 0.00 · cvss · epss 0.01

    Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This…

  • CVE-2025-25184 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.01

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates…

  • CVE-2024-45302 · Aug 29, 2024
    risk 0.00 · cvss · epss 0.00

    RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a…

  • CVE-2023-23936 · Feb 16, 2023
    risk 0.00 · cvss · epss 0.01

    Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host`…

  • CVE-2023-0040 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.01

    Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if…

  • CVE-2022-35948 · Aug 13, 2022
    risk 0.00 · cvss · epss 0.01

    undici is an HTTP/1.1 client, written from scratch for Node.js. `=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from…

  • CVE-2022-31151 · Jul 20, 2022
    risk 0.00 · cvss · epss 0.01

    Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a…

  • CVE-2022-31150 · Jul 19, 2022
    risk 0.00 · cvss · epss 0.01

    undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a…

  • CVE-2022-0666 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.44

    CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2021-4097 · Dec 11, 2021
    risk 0.00 · cvss · epss 0.01

    phpservermon is vulnerable to Improper Neutralization of CRLF Sequences

  • CVE-2021-39172 · Aug 27, 2021
    risk 0.00 · cvss · epss 0.29

    Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server.…

  • CVE-2021-31402 · Apr 15, 2021
    risk 0.00 · cvss · epss 0.01

    The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.

  • CVE-2020-15111 · Jul 20, 2020
    risk 0.00 · cvss · epss 0.01

    In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With…

  • CVE-2020-11078 · May 20, 2020
    risk 0.00 · cvss · epss 0.03

    In httplib2 before version 0.18.0, an attacker controlling an unescaped part of the uri for `httplib2.Http.request()` could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a uri constructed by…

  • CVE-2017-18587 · Aug 26, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.

  • CVE-2019-12387 · Jun 10, 2019
    risk 0.00 · cvss · epss 0.03

    In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

  • CVE-2019-11236 · Apr 15, 2019
    risk 0.00 · cvss · epss 0.02

    In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

  • CVE-2019-7313 · Feb 3, 2019
    risk 0.00 · cvss · epss 0.01

    www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

  • CVE-2015-0770 · Jun 7, 2015
    risk 0.00 · cvss · epss 0.02

    CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.