CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')) — Vulnerability Class 55

55 vulnerabilities classified as CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42035 | Axios: Header Injection via Prototype Pollution — axios | 7.4 | High | 2026-04-24 |
| CVE-2026-39971 | Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST — Serendipity | 7.2 | High | 2026-04-14 |
| CVE-2026-40175 | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain — axios | 4.8 | Medium | 2026-04-10 |
| CVE-2026-34715 | ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) — ewe | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34520 | AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass — aiohttp | 9.1 | - | 2026-04-01 |
| CVE-2026-34519 | AIOHTTP: HTTP response splitting via \r in reason phrase — aiohttp | 6.5 | - | 2026-04-01 |
| CVE-2026-34514 | AIOHTTP: CRLF injection in multipart part content type header construction — aiohttp | 6.5 | - | 2026-04-01 |
| CVE-2025-55271 | HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability — Aftermarket DPC | 3.1 | Low | 2026-03-26 |
| CVE-2026-27810 | calibre Vulnerable to HTTP Response Header Injection — calibre | 6.4 | Medium | 2026-02-27 |
| CVE-2026-24320 | Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP) — SAP NetWeaver and ABAP Platform (Application Server ABAP) | 3.1 | Low | 2026-02-10 |
| CVE-2026-23686 | CRLF Injection vulnerability in SAP NetWeaver Application Server Java — SAP NetWeaver Application Server Java | 3.4 | Low | 2026-02-10 |
| CVE-2026-22779 | BlackSheep ClientSession is vulnerable to CRLF injection — BlackSheep | 4.3 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-61689 | HTTP.jl vulnerable to Header injection/Response splitting via header construction. — HTTP.jl | 6.3 (AI) | Medium (AI) | 2025-10-10 |
| CVE-2025-40927 | CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw — CGI::Simple | 6.1 | - | 2025-08-29 |
| CVE-2025-42934 | CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice) — SAP S/4HANA (Supplier invoice) | 4.3 | Medium | 2025-08-12 |
| CVE-2025-53007 | arduino-esp32 vulnerable to CRLF injection in WebServer.cpp — arduino-esp32 | 7.5 (AI) | High (AI) | 2025-06-26 |
| CVE-2025-41234 | RFD Attack via “Content-Disposition” Header Sourced from Request — Spring Framework | 6.5 | Medium | 2025-06-12 |
| CVE-2025-30221 | Pitchfork HTTP Request/Response Splitting vulnerability — pitchfork | 5.4 (AI) | Medium (AI) | 2025-03-27 |
| CVE-2025-0825 | CRLF injection in Cpp-httplib | 6.1 | - | 2025-02-04 |
| CVE-2024-52875 | GFI Kerio Control security vulnerability — Kerio Control | 8.8 | High | 2025-01-31 |
| CVE-2024-45687 | HTTP Server incorrectly accepting disallowed characters within header values — Payara Server | 6.5 | - | 2025-01-21 |
| CVE-2024-54021 | Fortinet FortiOS and Fortinet FortiProxy injection vulnerability — FortiOS | 6.4 | Medium | 2025-01-14 |
| CVE-2024-42487 | Cilium's Gateway API route matching order contradicts specification — cilium | 4.0 | Medium | 2024-08-15 |
| CVE-2024-20392 | Cisco AsyncOS security vulnerability — Cisco Secure Email | 6.1 | Medium | 2024-05-15 |
| CVE-2024-24795 | Apache HTTP Server: HTTP Response Splitting in multiple modules — Apache HTTP Server | 9.1 | - | 2024-04-04 |
| CVE-2024-23644 | trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting — trillium | 6.8 | Medium | 2024-01-24 |
| CVE-2023-48256 | Bosch Nexo cordless nutrunner security vulnerability — Nexo cordless nutrunner NXA015S-36V (0608842001) | 5.3 | Medium | 2024-01-10 |
| CVE-2023-26147 | libhv cross-site scripting vulnerability — ithewei/libhv | 5.3 | Medium | 2023-09-29 |
| CVE-2023-41834 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences — Apache Flink Stateful Functions | 5.4 | - | 2023-09-19 |
| CVE-2023-26142 | Crow injection vulnerability — Crow | 6.5 | Medium | 2023-09-12 |

Vulnerabilities classified as CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')) represent 55 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.