admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-261xx/CVE-2023-26147.json
cad-safe-bot 303b7ade28 Auto-Update: 2023-09-29T14:00:24.671501+00:00
2023-09-29 14:00:28 +00:00

51 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-26147",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-29T05:15:46.630",
"lastModified": "2023-09-29T12:45:33.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability."
},
{
"lang": "es",
"value": "Todas las versiones del paquete ithewei/libhv son vulnerables a la divisi\u00f3n de respuesta HTTP cuando se utilizan entradas de usuarios que no son de confianza para construir los valores de las cabeceras. Un atacante puede agregar los caracteres \\r\\n (avances de l\u00ednea de retorno de carro) al final de las cabeceras de respuesta HTTP e inyectar contenido malicioso, como por ejemplo cabeceras adicionales o un nuevo cuerpo de respuesta, lo que genera una posible vulnerabilidad XSS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://gist.github.com/dellalibera/2be265b56b7b3b00de1a777b9dec0c7b",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730768",
"source": "report@snyk.io"
}
]
}
Reference in New Issue View Git Blame Copy Permalink