Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
libhv 注入漏洞
Vulnerability Description
libhv是ithewei开源的一个比 libevent/libuv/asio 更易用的网络库。 libhv存在注入漏洞,该漏洞源于当使用不受信任的用户输入来设置请求标头时,容易受到CRLF注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A