mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 19:17:37 +02:00
0xMarcio
754 B
754 B
CVE-2020-11709
Description
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.
POC
Reference
- https://gist.github.com/shouc/a9330df817128bc4c4132abf3de09495
- https://github.com/yhirose/cpp-httplib/issues/425
Github
No PoCs found on GitHub currently.