VYPR

Hex (Elixir) package

cowlib

pkg:hex/cowlib

Vulnerabilities (2)

  • CVE-2026-43969LowMay 11, 2026
    affected >= 2.9.0, <= 2.16.1

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list o

  • CVE-2026-43968MedMay 11, 2026
    affected >= 2.6.0, < 2.16.1fixed 2.16.1

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal pre