CVE-2023-26137

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 6, 2023
Updated: Nov 7, 2023
CWE ID 444
CWE ID 113

Summary

CVE-2023-26137 is a vulnerability affecting all versions of the drogonframework/drogon package. This issue allows attackers to exploit HTTP Response Splitting by introducing untrusted user input in the addHeader and addCookie functions. By injecting carriage return line feeds, an attacker can manipulate response headers and inject malicious content into subsequent HTTP responses. The vulnerability poses a serious threat to web applications using the impacted package and requires immediate patching.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share