VYPR

drogon

by drogonframework

CVEs (3)

  • CVE-2023-26137HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.00

    All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP…

  • CVE-2023-26138MedJul 6, 2023
    risk 0.35cvss 5.4epss 0.00

    All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the…

  • CVE-2022-25297HigFeb 21, 2022
    risk 0.00cvss 7.5epss 0.02

    This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.