Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
libhv 跨站脚本漏洞
Vulnerability Description
libhv是ithewei开源的一个比 libevent/libuv/asio 更易用的网络库。 libhv存在跨站脚本漏洞,该漏洞源于容易受到HTTP响应拆分的影响,导致潜在的跨站脚本(XSS)漏洞。
CVSS Information
N/A
Vulnerability Type
N/A