Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP.jl vulnerable to CR/LF Injection in URIs
Vulnerability Description
HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. Users of HTTP.jl should upgrade immediately to HTTP.jl v1.10.17, and users of URIs.jl should upgrade immediately to URIs.jl v1.6.0. The check for valid URIs is now in the URI.jl package, and the latest version of HTTP.jl incorporates that fix. As a workaround, manually validate any URIs before passing them on to functions in this package.
CVSS Information
N/A
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
Julia URIs.jl 注入漏洞
Vulnerability Description
Julia URIs.jl是Julia开源的一个Julia的库。 Julia URIs.jl 1.6.0之前版本和HTTP.jl 1.10.17之前版本存在注入漏洞,该漏洞源于允许构造包含CRLF字符的URI,可能导致CRLF注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A