set_redirect & set_header are susceptible to http response splitting attack #425

yhirose released this 13 Apr 16:28

· 1009 commits to master since this release

v0.5.9

85327e1

Fixed CVE-2020-11709

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.

https://nvd.nist.gov/vuln/detail/CVE-2020-11709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11709

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

set_redirect & set_header are susceptible to http response splitting attack #425

Uh oh!