CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-41834

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.4%

CVSS Severity

CVSS v3 Score 6.1

References

http://www.openwall.com/lists/oss-security/2023/09/19/3
https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm
http://www.openwall.com/lists/oss-security/2023/09/19/3
https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm

Products affected by CVE-2023-41834

Apache » Flink Stateful Functions » Version: 3.1.0

cpe:2.3:a:apache:flink_stateful_functions:3.1.0
Apache » Flink Stateful Functions » Version: 3.1.1

cpe:2.3:a:apache:flink_stateful_functions:3.1.1
Apache » Flink Stateful Functions » Version: 3.2.0

cpe:2.3:a:apache:flink_stateful_functions:3.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-41834

Products

Pricing

Contact Us