Vulnerability Information
Vulnerability Title
ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp
Vulnerability Description
ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within `AsyncWebHeader.cpp`. Unsanitized input allows attackers to inject CR (`\r`) or LF (`\n`) characters into header names or values, leading to arbitrary header or response manipulation. Manipulation of HTTP headers and responses can enable a wide range of attacks, making the severity of this vulnerability high. A fix is available at pull request 211 and is expected to be part of version 3.7.9.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of CRLF Sequences (CRLF Injection)
Vulnerability Title
ESPAsyncWebServer Injection Vulnerability
Vulnerability Description
ESPAsyncWebServer is an asynchronous web server from the ESP32 Asynchronous Networking community for microcontrollers such as the ESP8266 and ESP32. ESPAsyncWebServer 3.7.8 and earlier contain an injection vulnerability: the construction and output of HTTP headers in AsyncWebHeader.cpp are subject to CRLF injection, which may lead to arbitrary header or response manipulation.
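Both descriptions above come down to the same defect: a header name or value containing CR or LF is serialised as-is, so the injected bytes end the current header line and start a new one. The following is an added example, not code from ESPAsyncWebServer or from pull request 211; the function names isValidHeaderName, isValidHeaderValue and buildHeaderLine are hypothetical. It shows the validation a header builder should apply before emitting "Name: value\r\n", using the RFC 9110 token and field-value grammar.

```cpp
#include <cctype>
#include <string>

// RFC 9110 tchar: letters, digits and ! # $ % & ' * + - . ^ _ ` | ~
static bool isTokenChar(unsigned char c) {
    if (std::isalnum(c)) return true;
    switch (c) {
        case '!': case '#': case '$': case '%': case '&': case '\'':
        case '*': case '+': case '-': case '.': case '^': case '_':
        case '`': case '|': case '~':
            return true;
        default:
            return false;
    }
}

// A header name must be a non-empty token. The token grammar already
// excludes CR, LF, ':' and whitespace, so a name can never end the line.
bool isValidHeaderName(const std::string& name) {
    if (name.empty()) return false;
    for (unsigned char c : name)
        if (!isTokenChar(c)) return false;
    return true;
}

// A header value may hold visible ASCII, SP, HTAB and obs-text (0x80-0xFF).
// CR, LF and every other control character are rejected: one CRLF inside a
// value is exactly what lets an attacker append a second header or a body.
bool isValidHeaderValue(const std::string& value) {
    for (unsigned char c : value) {
        if (c == '\r' || c == '\n') return false;
        if (c < 0x20 && c != '\t') return false;
        if (c == 0x7F) return false;
    }
    return true;
}

// Serialise the header line only after both parts pass validation.
// Returns an empty string on rejection; a valid line is never empty.
std::string buildHeaderLine(const std::string& name, const std::string& value) {
    if (!isValidHeaderName(name) || !isValidHeaderValue(value)) return std::string();
    return name + ": " + value + "\r\n";
}
```

A server that validates at the point where the header object is created (rather than only at serialisation) also prevents the bad value from ever being stored, which is the approach a fix for this class of bug normally takes.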
CVSS Information
N/A
Vulnerability Type
N/A