Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Response Splitting
Vulnerability Description
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Encode OSS Uvicorn 注入漏洞
Vulnerability Description
Encode OSS Uvicorn是英国Encode OSS公司的一款基于uvloop和httptools构建的ASGI(Web服务器网关接口)服务器。 Encode OSS Uvicorn 0.11.7之前版本中存在注入漏洞,该漏洞源于程序没有转义HTTP标头中的CRLF序列。攻击者可利用该漏洞向HTTP相应中添加任意标头或使其返回任意相应主体。
CVSS Information
N/A
Vulnerability Type
N/A