Drogon 1.8.2 Security Vulnerabilities
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can insert carriage return and line feed (\r\n) characters to terminate the HTTP response headers and inject malicious content.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2023-07-06
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can insert carriage return and line feed (\r\n) characters to inject additional headers into the request that is sent.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-07-06