CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

135 vulnerabilities with CWE-93
CVE-2024-32986 CRITICAL
PWAsForFirefox - Code Injection
CVSS 9.6
CVE-2024-1226 HIGH
Software - SSRF
CVSS 7.5
CVE-2024-20337 HIGH
Cisco Secure Client - CRLF Injection
CVSS 8.2
CVE-2023-38551 HIGH
Ivanti Connect Secure <22.x - XSS
CVSS 8.2
CVE-2023-49082 MEDIUM
aiohttp - Request Smuggling
CVSS 5.3
CVE-2023-4768 MEDIUM
ManageEngine Desktop Central <9.1.0 - CRLF Injection
CVSS 6.1
CVE-2023-4767 MEDIUM
ManageEngine Desktop Central <9.1.0 - CRLF Injection
CVSS 6.1
CVE-2023-26148 MEDIUM
ithewei/libhv - CRLF Injection
CVSS 5.4
CVE-2023-26138 MEDIUM
drogonframework/drogon - CRLF Injection
CVSS 5.4
CVE-2023-34472 MEDIUM
AMI SPx - SSRF
CVSS 5.7
CVE-2023-26130 HIGH
yhirose/cpp-httplib < 0.12.4 - CRLF Injection
CVSS 7.5
CVE-2023-23936 MEDIUM
Undici <5.19.1 - CRLF Injection
CVSS 6.5
CVE-2023-0040 HIGH
Async HTTP Client <1.13.2 - CRLF Injection
CVSS 7.5
CVE-2022-50682 MEDIUM
Kentico Xperience - CRLF Injection
CVSS 6.5
CVE-2022-35948 MEDIUM
undici <5.8.0 - CRLF Injection
CVSS 5.3
CVE-2022-31150 MEDIUM
undici <5.7.1 - Code Injection
CVSS 5.3
CVE-2022-31014 MEDIUM
Nextcloud - Command Injection
CVSS 5.4
CVE-2022-0666 HIGH
microweber/microweber <1.2.11 - Stack Trace Exposure
CVSS 7.5
CVE-2021-4097 MEDIUM
phpservermon - XSS
CVSS 5.4
CVE-2021-39172 HIGH
Cachet <2.5.1 - RCE
CVSS 8.8
CVE-2021-31164 HIGH
Apache Unomi <1.5.5 - Info Disclosure
CVSS 7.5
CVE-2020-3561 MEDIUM
Cisco ASA/FTD - XSS
CVSS 4.7
CVE-2020-15111 MEDIUM
Fiber <1.12.6 - CRLF Injection
CVSS 4.2
CVE-2020-11078 MEDIUM
httplib2 <0.18.0 - SSRF
CVSS 6.8
CVE-2020-3246 MEDIUM
Cisco Umbrella - CRLF Injection
CVSS 4.3