CVE-2024-45302

Summary

CVE-2024-45302 identifies a vulnerability in the RestSharp library, specifically affecting the RestRequest.AddHeader, RestRequest.AddOrUpdateHeader, and RestClient.AddDefaultHeader methods due to CRLF injection risks. This vulnerability arises because the HttpHeaders.TryAddWithoutValidation method does not validate header values for CRLF characters, allowing potential attackers to inject additional HTTP headers or smuggle entire HTTP requests if user-controlled values are passed through headers. The severity rating is categorized as medium with a CVSS score of 6.1, indicating low confidentiality impact but high availability impact, underlining that exploited vulnerabilities can disrupt service availability. To remediate this issue, developers should sanitize all user input used in headers and consider upgrading to a patched version of the RestSharp library where this vulnerability is addressed. If unaddressed, organizations employing vulnerable applications may face security risks associated with unauthorized header manipulation and subsequent application behavior changes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.