<p>There is no fixed version for <code>Crow</code>.</p>

HTTP Response Splitting Affecting Crow package, versions [0,]

Snyk CVSS

Attack Complexity Low

Threat Intelligence

Exploit Maturity Proof of concept

EPSS 0.05% (17^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UNMANAGED-CROW-5665556
published 11 Sep 2023
disclosed 5 Jun 2023
credit Alessio Della Libera - Snyk Research Team

Report a new vulnerability Found a mistake?

Introduced: 5 Jun 2023

CVE-2023-26142 Open this link in a new tab CWE-113 Open this link in a new tab

How to fix?

There is no fixed version for Crow.

Overview

Crow is a C++ microframework for running web services.

Affected versions of this package are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.

References

GitHub Gist