"-Synchronized-Data."

2025-06-21 05:40:25 +00:00 · 2023-09-12 05:00:37 +00:00 · 2023-09-12 05:00:37 +00:00 · 070312a809
commit 070312a809
parent 60e11da693
1 changed files with 80 additions and 4 deletions
--- a/2023/26xxx/CVE-2023-26142.json
+++ b/2023/26xxx/CVE-2023-26142.json
@ -1,17 +1,93 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-26142",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "report@snyk.io",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "HTTP Response Splitting",
+                        "cweId": "CWE-113"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Crow",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "0",
+                                            "version_value": "*"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-CROW-5665556",
+                "refsource": "MISC",
+                "name": "https://security.snyk.io/vuln/SNYK-UNMANAGED-CROW-5665556"
+            },
+            {
+                "url": "https://gist.github.com/dellalibera/9247769cc90ed96c0d72ddbcba88c65c",
+                "refsource": "MISC",
+                "name": "https://gist.github.com/dellalibera/9247769cc90ed96c0d72ddbcba88c65c"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Alessio Della Libera - Snyk Research Team"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "attackVector": "NETWORK",
+                "attackComplexity": "LOW",
+                "privilegesRequired": "NONE",
+                "userInteraction": "NONE",
+                "scope": "UNCHANGED",
+                "confidentialityImpact": "LOW",
+                "integrityImpact": "LOW",
+                "availabilityImpact": "NONE",
+                "baseScore": 6.5,
+                "baseSeverity": "MEDIUM",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"
            }
        ]
    }