CVE-2023-26142

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-26142

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26142.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-26142

Published

2023-09-12T05:15:41.467Z

Modified

2025-11-15T06:21:03.769808Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and addheader functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.

References

Affected packages

Git / github.com/crowcpp/crow

Affected ranges

Type: GIT
Repo: https://github.com/crowcpp/crow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

edf12f699ec3bf6f751cf73cb97f32919e48ca6e

Affected versions

0.*

0.2

v0.*

v0.1

v0.1+5

v0.3

v1.*

v1.0

v1.0+1

v1.0+2

v1.0+3

v1.0+4

v1.0+5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26142.json"