Fluid Attacks Database

Description

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.

Note: This issue is present due to an incomplete fix for CVE-2020-11709.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	cpp-httplib	=0.11.4+ds-1 \|\| >=0 <0.11.4+ds-1+deb12u1	0.11.4+ds-1+deb12u1
debian 13	cpp-httplib	>=0 <0.11.4+ds-2	0.11.4+ds-2
debian 14	cpp-httplib	>=0 <0.11.4+ds-2	0.11.4+ds-2

Aliases

1. CVE-2023-261302. NVD-2023-261303. OSV-DEBIAN-2023-261304. OSV-2023-261305. SECURITY-TRACKER-CVE-2023-26130

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.