CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

174 vulnerabilities with CWE-93
CVE-2023-0040 HIGH
Async HTTP Client <1.13.2 - CRLF Injection
CVSS 7.5
CVE-2022-50682 MEDIUM
Kentico Xperience < 13.0.79 - CRLF Injection via Routing Engine
CVSS 6.5
CVE-2022-35948 MEDIUM
undici < 5.8.1 - CRLF Injection via Content-Type Header
CVSS 5.3
CVE-2022-31150 MEDIUM
undici < 5.8.0 - CRLF Injection in HTTP Headers
CVSS 5.3
CVE-2022-31014 MEDIUM
Nextcloud Server < 19.0.13.7, < 22.2.8 - SMTP Command Injection via CRLF Injection
CVSS 5.4
CVE-2022-0666 HIGH
microweber/microweber <1.2.11 - Stack Trace Exposure
CVSS 7.5
CVE-2021-4097 MEDIUM
php_server_monitor < 3.6.0 - CRLF Injection
CVSS 5.4
CVE-2021-39172 HIGH
Cachet <2.5.1 - Authenticated Code Execution via Configuration Newline Injection
CVSS 8.8
CVE-2021-31164 HIGH
Apache Unomi <1.5.5 - Info Disclosure
CVSS 7.5
CVE-2020-3561 MEDIUM
Cisco Adaptive Security Appliance and Firepower Threat Defense - Unauthenticated CRLF Injection via Clientless SSL VPN
CVSS 4.7
CVE-2020-15111 MEDIUM
Fiber < 1.12.6 - CRLF Injection via Attachment Filename
CVSS 4.2
CVE-2020-11078 MEDIUM
httplib2 < 0.18.0 - HTTP Request Smuggling via CRLF Injection
CVSS 6.8
CVE-2020-3246 MEDIUM
Cisco Umbrella - CRLF Injection via Crafted URL
CVSS 4.3
CVE-2019-15616 MEDIUM
Nextcloud Server < 17.0.0 - CRLF Injection via Dangling Remote Share Attempts
CVSS 4.3
CVE-2019-10272 MEDIUM
Weaver e-cology 9.0 - CRLF Injection
CVSS 6.1
CVE-2019-11236 MEDIUM
urllib3 < 1.24.2 - CRLF Injection via Request Parameter
CVSS 6.1
CVE-2019-10678 HIGH
Domoticz <4.10579 - Info Disclosure
CVSS 7.5
CVE-2019-9947 MEDIUM
Python 2.x-2.7.16 & Python 3.x-3.7.3 - CRLF Injection
CVSS 6.1
CVE-2019-9741 MEDIUM
Go 1.11.5 - CRLF Injection
CVSS 6.1
CVE-2019-9740 MEDIUM
Python < 2.7.17 - CRLF Injection via URL Parameter
CVSS 6.1
CVE-2019-7313 MEDIUM
Buildbot 0.9.0-1.8.0 and PyPI buildbot 0.9.0-1.8.1 - CRLF Injection via Redirect Parameter
CVSS 6.1
CVE-2018-6148 MEDIUM
Chrome < 67.0.3396.79 - Content Security Policy Bypass via Crafted HTML Page
CVSS 6.5
CVE-2018-19585 HIGH
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
CVSS 7.5
CVE-2018-12477 LOW
Open Build Service <d6244245dda5367767efc989446fe4b5e4609cce - Info...
CVSS 3.5
CVE-2018-12537 MEDIUM
Eclipse Vert.x <3.5.1 - Code Injection
CVSS 5.3