Vulnerability Details CVE-2020-7695
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-7695
-
cpe:2.3:a:encode:uvicorn:-
-
cpe:2.3:a:encode:uvicorn:0.0.1
-
cpe:2.3:a:encode:uvicorn:0.0.10
-
cpe:2.3:a:encode:uvicorn:0.0.11
-
cpe:2.3:a:encode:uvicorn:0.0.12
-
cpe:2.3:a:encode:uvicorn:0.0.13
-
cpe:2.3:a:encode:uvicorn:0.0.14
-
cpe:2.3:a:encode:uvicorn:0.0.15
-
cpe:2.3:a:encode:uvicorn:0.0.2
-
cpe:2.3:a:encode:uvicorn:0.0.3
-
cpe:2.3:a:encode:uvicorn:0.0.4
-
cpe:2.3:a:encode:uvicorn:0.0.5
-
cpe:2.3:a:encode:uvicorn:0.0.6
-
cpe:2.3:a:encode:uvicorn:0.0.7
-
cpe:2.3:a:encode:uvicorn:0.0.8
-
cpe:2.3:a:encode:uvicorn:0.0.9
-
cpe:2.3:a:encode:uvicorn:0.1.0
-
cpe:2.3:a:encode:uvicorn:0.1.1
-
cpe:2.3:a:encode:uvicorn:0.10.0
-
cpe:2.3:a:encode:uvicorn:0.10.1
-
cpe:2.3:a:encode:uvicorn:0.10.2
-
cpe:2.3:a:encode:uvicorn:0.10.3
-
cpe:2.3:a:encode:uvicorn:0.10.4
-
cpe:2.3:a:encode:uvicorn:0.10.5
-
cpe:2.3:a:encode:uvicorn:0.10.6
-
cpe:2.3:a:encode:uvicorn:0.10.7
-
cpe:2.3:a:encode:uvicorn:0.10.8
-
cpe:2.3:a:encode:uvicorn:0.10.9
-
cpe:2.3:a:encode:uvicorn:0.11.0
-
cpe:2.3:a:encode:uvicorn:0.11.1
-
cpe:2.3:a:encode:uvicorn:0.11.2
-
cpe:2.3:a:encode:uvicorn:0.11.3
-
cpe:2.3:a:encode:uvicorn:0.11.4
-
cpe:2.3:a:encode:uvicorn:0.11.5
-
cpe:2.3:a:encode:uvicorn:0.11.6
-
cpe:2.3:a:encode:uvicorn:0.2.0
-
cpe:2.3:a:encode:uvicorn:0.2.1
-
cpe:2.3:a:encode:uvicorn:0.2.10
-
cpe:2.3:a:encode:uvicorn:0.2.11
-
cpe:2.3:a:encode:uvicorn:0.2.12
-
cpe:2.3:a:encode:uvicorn:0.2.13
-
cpe:2.3:a:encode:uvicorn:0.2.14
-
cpe:2.3:a:encode:uvicorn:0.2.15
-
cpe:2.3:a:encode:uvicorn:0.2.16
-
cpe:2.3:a:encode:uvicorn:0.2.17
-
cpe:2.3:a:encode:uvicorn:0.2.18
-
cpe:2.3:a:encode:uvicorn:0.2.19
-
cpe:2.3:a:encode:uvicorn:0.2.2
-
cpe:2.3:a:encode:uvicorn:0.2.20
-
cpe:2.3:a:encode:uvicorn:0.2.21
-
cpe:2.3:a:encode:uvicorn:0.2.22
-
cpe:2.3:a:encode:uvicorn:0.2.3
-
cpe:2.3:a:encode:uvicorn:0.2.4
-
cpe:2.3:a:encode:uvicorn:0.2.5
-
cpe:2.3:a:encode:uvicorn:0.2.6
-
cpe:2.3:a:encode:uvicorn:0.2.7
-
cpe:2.3:a:encode:uvicorn:0.2.8
-
cpe:2.3:a:encode:uvicorn:0.2.9
-
cpe:2.3:a:encode:uvicorn:0.3.0
-
cpe:2.3:a:encode:uvicorn:0.3.1
-
cpe:2.3:a:encode:uvicorn:0.3.10
-
cpe:2.3:a:encode:uvicorn:0.3.11
-
cpe:2.3:a:encode:uvicorn:0.3.12
-
cpe:2.3:a:encode:uvicorn:0.3.13
-
cpe:2.3:a:encode:uvicorn:0.3.14
-
cpe:2.3:a:encode:uvicorn:0.3.15
-
cpe:2.3:a:encode:uvicorn:0.3.16
-
cpe:2.3:a:encode:uvicorn:0.3.17
-
cpe:2.3:a:encode:uvicorn:0.3.18
-
cpe:2.3:a:encode:uvicorn:0.3.19
-
cpe:2.3:a:encode:uvicorn:0.3.2
-
cpe:2.3:a:encode:uvicorn:0.3.20
-
cpe:2.3:a:encode:uvicorn:0.3.21
-
cpe:2.3:a:encode:uvicorn:0.3.22
-
cpe:2.3:a:encode:uvicorn:0.3.23
-
cpe:2.3:a:encode:uvicorn:0.3.24
-
cpe:2.3:a:encode:uvicorn:0.3.25
-
cpe:2.3:a:encode:uvicorn:0.3.26
-
cpe:2.3:a:encode:uvicorn:0.3.27
-
cpe:2.3:a:encode:uvicorn:0.3.28
-
cpe:2.3:a:encode:uvicorn:0.3.29
-
cpe:2.3:a:encode:uvicorn:0.3.3
-
cpe:2.3:a:encode:uvicorn:0.3.30
-
cpe:2.3:a:encode:uvicorn:0.3.31
-
cpe:2.3:a:encode:uvicorn:0.3.32
-
cpe:2.3:a:encode:uvicorn:0.3.4
-
cpe:2.3:a:encode:uvicorn:0.3.5
-
cpe:2.3:a:encode:uvicorn:0.3.6
-
cpe:2.3:a:encode:uvicorn:0.3.7
-
cpe:2.3:a:encode:uvicorn:0.3.8
-
cpe:2.3:a:encode:uvicorn:0.3.9
-
cpe:2.3:a:encode:uvicorn:0.4.0
-
cpe:2.3:a:encode:uvicorn:0.4.1
-
cpe:2.3:a:encode:uvicorn:0.4.2
-
cpe:2.3:a:encode:uvicorn:0.4.3
-
cpe:2.3:a:encode:uvicorn:0.4.4
-
cpe:2.3:a:encode:uvicorn:0.4.5
-
cpe:2.3:a:encode:uvicorn:0.4.6
-
cpe:2.3:a:encode:uvicorn:0.5.0
-
cpe:2.3:a:encode:uvicorn:0.5.1
-
cpe:2.3:a:encode:uvicorn:0.5.2
-
cpe:2.3:a:encode:uvicorn:0.6.0
-
cpe:2.3:a:encode:uvicorn:0.6.1
-
cpe:2.3:a:encode:uvicorn:0.7.0
-
cpe:2.3:a:encode:uvicorn:0.7.1
-
cpe:2.3:a:encode:uvicorn:0.7.2
-
cpe:2.3:a:encode:uvicorn:0.7.3
-
cpe:2.3:a:encode:uvicorn:0.8.0
-
cpe:2.3:a:encode:uvicorn:0.8.1
-
cpe:2.3:a:encode:uvicorn:0.8.2
-
cpe:2.3:a:encode:uvicorn:0.8.3
-
cpe:2.3:a:encode:uvicorn:0.8.4
-
cpe:2.3:a:encode:uvicorn:0.8.5
-
cpe:2.3:a:encode:uvicorn:0.8.6
-
cpe:2.3:a:encode:uvicorn:0.9.0
-
cpe:2.3:a:encode:uvicorn:0.9.1