Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BlackSheep ClientSession is vulnerable to CRLF injection
Vulnerability Description
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new header) or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input directly into headers.The server part is not affected because BlackSheep delegates to an underlying ASGI server handling of response headers. This vulnerability is fixed in 2.4.6.
CVSS Information
N/A
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
BlackSheep 注入漏洞
Vulnerability Description
BlackSheep是Neoteroi开源的一个Web应用框架。 BlackSheep 2.4.6之前版本存在注入漏洞,该漏洞源于HTTP客户端实现缺少标头验证,可能导致攻击者修改HTTP请求或创建新请求。
CVSS Information
N/A
Vulnerability Type
N/A