Common Weakness Enumeration

CWE-93

Allowed

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Abstraction: Base · Status: Draft

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

323 vulnerabilities reference this CWE, most recent first.

CVE-2024-51501 (GCVE-0-2024-51501)

Vulnerability from cvelistv5 – Published: 2024-11-04 22:56 – Updated: 2024-11-08 15:18
VLAI
Title
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Summary
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method. This method does not check for CRLF characters in the header value. This means that any headers added to a refit request are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the Refit library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using Refit and not in Refit itself. This issue has been addressed in release versions 7.2.22 and 8.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
Impacted products
Vendor Product Version
reactiveui refit Affected: < 7.2.22
Create a notification for this product.
reactiveui refit Affected: 0 , < 8.0.0 (custom)
    cpe:2.3:a:reactiveui:refit:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:reactiveui:refit:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "refit",
            "vendor": "reactiveui",
            "versions": [
              {
                "lessThan": "8.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51501",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T14:43:10.039516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T14:44:31.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "refit",
          "vendor": "reactiveui",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.2.22"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method. This method does not check for CRLF characters in the header value. This means that any headers added to a refit request are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the Refit library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using Refit and not in Refit itself. This issue has been addressed in release versions 7.2.22 and 8.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T15:18:51.985Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/reactiveui/refit/security/advisories/GHSA-3hxg-fxwm-8gf7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/reactiveui/refit/security/advisories/GHSA-3hxg-fxwm-8gf7"
        },
        {
          "name": "https://github.com/reactiveui/refit/blob/258a771f44417c6e48e103ac921fe4786f3c2a1e/Refit/RequestBuilderImplementation.cs#L1328",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/reactiveui/refit/blob/258a771f44417c6e48e103ac921fe4786f3c2a1e/Refit/RequestBuilderImplementation.cs#L1328"
        }
      ],
      "source": {
        "advisory": "GHSA-3hxg-fxwm-8gf7",
        "discovery": "UNKNOWN"
      },
      "title": "CRLF injection in Refit\u0027s [Header], [HeaderCollection] and [Authorize] attributes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-51501",
    "datePublished": "2024-11-04T22:56:50.231Z",
    "dateReserved": "2024-10-28T14:20:59.339Z",
    "dateUpdated": "2024-11-08T15:18:51.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50405 (GCVE-0-2024-50405)

Vulnerability from cvelistv5 – Published: 2025-03-07 16:13 – Updated: 2025-03-07 17:14
VLAI
Title
QTS, QuTS hero
Summary
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.2.x , < 5.2.3.3006 build 20250108 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.2.x , < h5.2.3.3006 build 20250108 (custom)
Create a notification for this product.
Credits
Searat and izut
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T17:12:16.397788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T17:14:37.498Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.2.3.3006 build 20250108",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.2.3.3006 build 20250108",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Searat and izut"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.3.3006 build 20250108 and later\u003cbr\u003eQuTS hero h5.2.3.3006 build 20250108 and later\u003cbr\u003e"
            }
          ],
          "value": "An improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-23",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-23"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T16:13:17.099Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-54"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.2.3.3006 build 20250108 and later\u003cbr\u003eQuTS hero h5.2.3.3006 build 20250108 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later"
        }
      ],
      "source": {
        "advisory": "QSA-24-54",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-50405",
    "datePublished": "2025-03-07T16:13:17.099Z",
    "dateReserved": "2024-10-24T03:45:32.283Z",
    "dateUpdated": "2025-03-07T17:14:37.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48868 (GCVE-0-2024-48868)

Vulnerability from cvelistv5 – Published: 2024-12-06 16:36 – Updated: 2024-12-06 19:36
VLAI
Title
QTS, QuTS hero
Summary
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.1.x , < 5.1.9.2954 build 20241120 (custom)
Affected: 5.2.x , < 5.2.2.2950 build 20241114 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.1.x , < h5.1.9.2954 build 20241120 (custom)
Affected: h5.2.x , < h5.2.2.2952 build 20241116 (custom)
Create a notification for this product.
qnap qts Affected: 5.1.x , < 5.1.9.2954 build 20241120 (custom)
Affected: 5.2.x , < 5.2.2.2950 build 20241114 (custom)
    cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Create a notification for this product.
qnap quts_hero Affected: h5.1.x , < h5.1.9.2954 build 20241120 (custom)
Affected: h5.2.x , < h5.2.2.2952 build 20241116 (custom)
    cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Pwn2Own 2024 - Chris Anastasio & Fabius Watson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts",
            "vendor": "qnap",
            "versions": [
              {
                "lessThan": "5.1.9.2954 build 20241120",
                "status": "affected",
                "version": "5.1.x",
                "versionType": "custom"
              },
              {
                "lessThan": "5.2.2.2950 build 20241114",
                "status": "affected",
                "version": "5.2.x",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "quts_hero",
            "vendor": "qnap",
            "versions": [
              {
                "lessThan": "h5.1.9.2954 build 20241120",
                "status": "affected",
                "version": "h5.1.x",
                "versionType": "custom"
              },
              {
                "lessThan": "h5.2.2.2952 build 20241116",
                "status": "affected",
                "version": "h5.2.x",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48868",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T19:26:55.261983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T19:36:12.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.1.9.2954 build 20241120",
              "status": "affected",
              "version": "5.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.2.2950 build 20241114",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.1.9.2954 build 20241120",
              "status": "affected",
              "version": "h5.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "h5.2.2.2952 build 20241116",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pwn2Own 2024 - Chris Anastasio \u0026 Fabius Watson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.9.2954 build 20241120 and later\u003cbr\u003eQTS 5.2.2.2950 build 20241114 and later\u003cbr\u003eQuTS hero h5.1.9.2954 build 20241120 and later\u003cbr\u003eQuTS hero h5.2.2.2952 build 20241116 and later\u003cbr\u003e"
            }
          ],
          "value": "An improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-15",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-15"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-06T16:36:27.206Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-49"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.9.2954 build 20241120 and later\u003cbr\u003eQTS 5.2.2.2950 build 20241114 and later\u003cbr\u003eQuTS hero h5.1.9.2954 build 20241120 and later\u003cbr\u003eQuTS hero h5.2.2.2952 build 20241116 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"
        }
      ],
      "source": {
        "advisory": "QSA-24-49",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-48868",
    "datePublished": "2024-12-06T16:36:27.206Z",
    "dateReserved": "2024-10-09T00:22:57.834Z",
    "dateUpdated": "2024-12-06T19:36:12.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48867 (GCVE-0-2024-48867)

Vulnerability from cvelistv5 – Published: 2024-12-06 16:36 – Updated: 2024-12-06 19:38
VLAI
Title
QTS, QuTS hero
Summary
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.1.x , < 5.1.9.2954 build 20241120 (custom)
Affected: 5.2.x , < 5.2.2.2950 build 20241114 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.1.x , < h5.1.9.2954 build 20241120 (custom)
Affected: h5.2.x , < h5.2.2.2952 build 20241116 (custom)
Create a notification for this product.
qnap qts Affected: 5.1.x , < 5.1.9.2954 build 20241120 (custom)
Affected: 5.2.x , < 5.2.2.2950 build 20241114 (custom)
    cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Create a notification for this product.
qnap quts_hero Affected: h5.1.x , < h5.1.9.2954 build 20241120 (custom)
Affected: h5.2.x , < h5.2.2.2952 build 20241116 (custom)
    cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Pwn2Own 2024 - Chris Anastasio & Fabius Watson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts",
            "vendor": "qnap",
            "versions": [
              {
                "lessThan": "5.1.9.2954 build 20241120",
                "status": "affected",
                "version": "5.1.x",
                "versionType": "custom"
              },
              {
                "lessThan": "5.2.2.2950 build 20241114",
                "status": "affected",
                "version": "5.2.x",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "quts_hero",
            "vendor": "qnap",
            "versions": [
              {
                "lessThan": "h5.1.9.2954 build 20241120",
                "status": "affected",
                "version": "h5.1.x",
                "versionType": "custom"
              },
              {
                "lessThan": "h5.2.2.2952 build 20241116",
                "status": "affected",
                "version": "h5.2.x",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T19:27:08.830441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T19:38:19.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.1.9.2954 build 20241120",
              "status": "affected",
              "version": "5.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.2.2950 build 20241114",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.1.9.2954 build 20241120",
              "status": "affected",
              "version": "h5.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "h5.2.2.2952 build 20241116",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pwn2Own 2024 - Chris Anastasio \u0026 Fabius Watson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.9.2954 build 20241120 and later\u003cbr\u003eQTS 5.2.2.2950 build 20241114 and later\u003cbr\u003eQuTS hero h5.1.9.2954 build 20241120 and later\u003cbr\u003eQuTS hero h5.2.2.2952 build 20241116 and later\u003cbr\u003e"
            }
          ],
          "value": "An improper neutralization of CRLF sequences (\u0027CRLF Injection\u0027) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-15",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-15"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-06T16:36:20.438Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-49"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.9.2954 build 20241120 and later\u003cbr\u003eQTS 5.2.2.2950 build 20241114 and later\u003cbr\u003eQuTS hero h5.1.9.2954 build 20241120 and later\u003cbr\u003eQuTS hero h5.2.2.2952 build 20241116 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"
        }
      ],
      "source": {
        "advisory": "QSA-24-49",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-48867",
    "datePublished": "2024-12-06T16:36:20.438Z",
    "dateReserved": "2024-10-09T00:22:57.834Z",
    "dateUpdated": "2024-12-06T19:38:19.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45597 (GCVE-0-2024-45597)

Vulnerability from cvelistv5 – Published: 2024-09-10 21:42 – Updated: 2024-09-11 13:28
VLAI
Title
Pluto's http.request allows CR and LF in header values
Summary
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
Impacted products
Vendor Product Version
PlutoLang Pluto Affected: >= 0.9.0, <= 0.9.4
Create a notification for this product.
pluto pluto Affected: 0.9.0 , ≤ 0.9.4 (custom)
    cpe:2.3:a:pluto:pluto:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pluto:pluto:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pluto",
            "vendor": "pluto",
            "versions": [
              {
                "lessThanOrEqual": "0.9.4",
                "status": "affected",
                "version": "0.9.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T13:19:58.530702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T13:28:10.303Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pluto",
          "vendor": "PlutoLang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.9.0, \u003c= 0.9.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T21:42:47.530Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/PlutoLang/Pluto/security/advisories/GHSA-w8xp-pmx2-37w7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/PlutoLang/Pluto/security/advisories/GHSA-w8xp-pmx2-37w7"
        },
        {
          "name": "https://github.com/PlutoLang/Pluto/pull/945",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/PlutoLang/Pluto/pull/945"
        }
      ],
      "source": {
        "advisory": "GHSA-w8xp-pmx2-37w7",
        "discovery": "UNKNOWN"
      },
      "title": "Pluto\u0027s http.request allows CR and LF in header values"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45597",
    "datePublished": "2024-09-10T21:42:47.530Z",
    "dateReserved": "2024-09-02T16:00:02.423Z",
    "dateUpdated": "2024-09-11T13:28:10.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45302 (GCVE-0-2024-45302)

Vulnerability from cvelistv5 – Published: 2024-08-29 21:18 – Updated: 2024-08-30 14:55
VLAI
Title
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Summary
RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using RestSharp, not in RestSharp itself, but I would argue that at the very least there needs to be a warning about this behaviour in the RestSharp documentation. RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
Impacted products
Vendor Product Version
restsharp RestSharp Affected: >= 107, < 112.0.0
Create a notification for this product.
restsharp restsharp Affected: 107 , < 112.0.0 (custom)
    cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:restsharp:restsharp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "restsharp",
            "vendor": "restsharp",
            "versions": [
              {
                "lessThan": "112.0.0",
                "status": "affected",
                "version": "107",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45302",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T14:54:23.955865Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T14:55:34.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RestSharp",
          "vendor": "restsharp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 107, \u003c 112.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using RestSharp, not in RestSharp itself, but I would argue that at the very least there needs to be a warning about this behaviour in the RestSharp documentation. RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-29T21:18:43.261Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/restsharp/RestSharp/security/advisories/GHSA-4rr6-2v9v-wcpc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/restsharp/RestSharp/security/advisories/GHSA-4rr6-2v9v-wcpc"
        },
        {
          "name": "https://github.com/restsharp/RestSharp/commit/0fba5e727d241b1867bd71efc912594075c2934b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/restsharp/RestSharp/commit/0fba5e727d241b1867bd71efc912594075c2934b"
        },
        {
          "name": "https://github.com/restsharp/RestSharp/blob/777bf194ec2d14271e7807cc704e73ec18fcaf7e/src/RestSharp/Request/HttpRequestMessageExtensions.cs#L32",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/restsharp/RestSharp/blob/777bf194ec2d14271e7807cc704e73ec18fcaf7e/src/RestSharp/Request/HttpRequestMessageExtensions.cs#L32"
        }
      ],
      "source": {
        "advisory": "GHSA-4rr6-2v9v-wcpc",
        "discovery": "UNKNOWN"
      },
      "title": "CRLF Injection in RestSharp\u0027s `RestRequest.AddHeader` method"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45302",
    "datePublished": "2024-08-29T21:18:43.261Z",
    "dateReserved": "2024-08-26T18:25:35.443Z",
    "dateUpdated": "2024-08-30T14:55:34.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-32986 (GCVE-0-2024-32986)

Vulnerability from cvelistv5 – Published: 2024-05-03 09:58 – Updated: 2024-08-02 02:27
VLAI
Title
Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox
Summary
PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and `AppInfo.ini` (on PortableApps.com). This allowed malicious web apps to introduce keys like `Exec`, which could run arbitrary code when the affected web app was launched. This vulnerability affects all Linux and PortableApps.com users of all PWAsForFirefox versions up to (excluding) 2.12.0. Windows and macOS users are not affected. This vulnerability has been fixed in commit `9932d4b` which has been included in release in v2.12.0. The main fix is implemented in the native part, but the extension also contains additional fixes. All Linux and PortableApps.com users are advised to update to this version as soon as possible. It is also recommended for Windows and macOS users to update to this version, as it contains additional fixes related to properties sanitization. There are no known workarounds for this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
  • CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
Impacted products
Vendor Product Version
filips123 PWAsForFirefox Affected: < 2.12.0
Create a notification for this product.
filips123 PWAsForFirefox Affected: -
    cpe:2.3:a:filips123:PWAsForFirefox:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:filips123:PWAsForFirefox:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "PWAsForFirefox",
            "vendor": "filips123",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T16:11:44.257289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:50:22.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:27:53.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq"
          },
          {
            "name": "https://github.com/filips123/PWAsForFirefox/commit/9932d4b289631d447f88ace09a2fabafe4cd5bd5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/filips123/PWAsForFirefox/commit/9932d4b289631d447f88ace09a2fabafe4cd5bd5"
          },
          {
            "name": "https://github.com/filips123/PWAsForFirefox/releases/tag/v2.12.0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/filips123/PWAsForFirefox/releases/tag/v2.12.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PWAsForFirefox",
          "vendor": "filips123",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and `AppInfo.ini` (on PortableApps.com). This allowed malicious web apps to introduce keys like `Exec`, which could run arbitrary code when the affected web app was launched. This vulnerability affects all Linux and PortableApps.com users of all PWAsForFirefox versions up to (excluding) 2.12.0. Windows and macOS users are not affected. This vulnerability has been fixed in commit `9932d4b` which has been included in release in v2.12.0. The main fix is implemented in the native part, but the extension also contains additional fixes. All Linux and PortableApps.com users are advised to update to this version as soon as possible. It is also recommended for Windows and macOS users to update to this version, as it contains additional fixes related to properties sanitization. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.7,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-150",
              "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T09:58:32.506Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq"
        },
        {
          "name": "https://github.com/filips123/PWAsForFirefox/commit/9932d4b289631d447f88ace09a2fabafe4cd5bd5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/filips123/PWAsForFirefox/commit/9932d4b289631d447f88ace09a2fabafe4cd5bd5"
        },
        {
          "name": "https://github.com/filips123/PWAsForFirefox/releases/tag/v2.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/filips123/PWAsForFirefox/releases/tag/v2.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-jmhv-m7v5-g5jq",
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox "
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32986",
    "datePublished": "2024-05-03T09:58:32.506Z",
    "dateReserved": "2024-04-22T15:14:59.167Z",
    "dateUpdated": "2024-08-02T02:27:53.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20337 (GCVE-0-2024-20337)

Vulnerability from cvelistv5 – Published: 2024-03-06 16:30 – Updated: 2024-08-01 21:59
VLAI
Summary
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Client Affected: 4.9.00086
Affected: 4.9.01095
Affected: 4.9.02028
Affected: 4.9.03047
Affected: 4.9.03049
Affected: 4.9.04043
Affected: 4.9.04053
Affected: 4.9.05042
Affected: 4.9.06037
Affected: 4.10.00093
Affected: 4.10.01075
Affected: 4.10.02086
Affected: 4.10.03104
Affected: 4.10.04065
Affected: 4.10.04071
Affected: 4.10.05085
Affected: 4.10.05095
Affected: 4.10.05111
Affected: 4.10.06079
Affected: 4.10.06090
Affected: 4.10.07061
Affected: 4.10.07062
Affected: 4.10.07073
Affected: 5.0.00238
Affected: 5.0.00529
Affected: 5.0.00556
Affected: 5.0.01242
Affected: 5.0.02075
Affected: 5.0.03072
Affected: 5.0.03076
Affected: 5.0.04032
Affected: 5.0.05040
Affected: 5.1.0.136
Affected: 5.1.1.42
Create a notification for this product.
cisco secure_client Affected: 4.10.00093
Affected: 4.10.01075
Affected: 4.10.02086
Affected: 4.10.03104
Affected: 4.10.04065
Affected: 4.10.04071
Affected: 4.10.05085
Affected: 4.10.05095
Affected: 4.10.05111
Affected: 4.10.06079
Affected: 4.10.06090
Affected: 4.10.07061
Affected: 4.10.07062
Affected: 4.10.07073
Affected: 4.9.00086
Affected: 4.9.01095
Affected: 4.9.02028
Affected: 4.9.03047
Affected: 4.9.03049
Affected: 4.9.04043
Affected: 4.9.04053
Affected: 4.9.05042
Affected: 4.9.06037
Affected: 5.0.00238
Affected: 5.0.00529
Affected: 5.0.00556
Affected: 5.0.01242
Affected: 5.0.02075
Affected: 5.0.03072
Affected: 5.0.03076
Affected: 5.0.04032
Affected: 5.1.0.136
Affected: 5.1.1.42
    cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.00093"
              },
              {
                "status": "affected",
                "version": "4.10.01075"
              },
              {
                "status": "affected",
                "version": "4.10.02086"
              },
              {
                "status": "affected",
                "version": "4.10.03104"
              },
              {
                "status": "affected",
                "version": "4.10.04065"
              },
              {
                "status": "affected",
                "version": "4.10.04071"
              },
              {
                "status": "affected",
                "version": "4.10.05085"
              },
              {
                "status": "affected",
                "version": "4.10.05095"
              },
              {
                "status": "affected",
                "version": "4.10.05111"
              },
              {
                "status": "affected",
                "version": "4.10.06079"
              },
              {
                "status": "affected",
                "version": "4.10.06090"
              },
              {
                "status": "affected",
                "version": "4.10.07061"
              },
              {
                "status": "affected",
                "version": "4.10.07062"
              },
              {
                "status": "affected",
                "version": "4.10.07073"
              },
              {
                "status": "affected",
                "version": "4.9.00086"
              },
              {
                "status": "affected",
                "version": "4.9.01095"
              },
              {
                "status": "affected",
                "version": "4.9.02028"
              },
              {
                "status": "affected",
                "version": "4.9.03047"
              },
              {
                "status": "affected",
                "version": "4.9.03049"
              },
              {
                "status": "affected",
                "version": "4.9.04043"
              },
              {
                "status": "affected",
                "version": "4.9.04053"
              },
              {
                "status": "affected",
                "version": "4.9.05042"
              },
              {
                "status": "affected",
                "version": "4.9.06037"
              },
              {
                "status": "affected",
                "version": "5.0.00238"
              },
              {
                "status": "affected",
                "version": "5.0.00529"
              },
              {
                "status": "affected",
                "version": "5.0.00556"
              },
              {
                "status": "affected",
                "version": "5.0.01242"
              },
              {
                "status": "affected",
                "version": "5.0.02075"
              },
              {
                "status": "affected",
                "version": "5.0.03072"
              },
              {
                "status": "affected",
                "version": "5.0.03076"
              },
              {
                "status": "affected",
                "version": "5.0.04032"
              },
              {
                "status": "affected",
                "version": "5.1.0.136"
              },
              {
                "status": "affected",
                "version": "5.1.1.42"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-09T05:00:57.702576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T17:00:36.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-secure-client-crlf-W43V4G7",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "4.10.07061"
            },
            {
              "status": "affected",
              "version": "4.10.07062"
            },
            {
              "status": "affected",
              "version": "4.10.07073"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            },
            {
              "status": "affected",
              "version": "5.0.02075"
            },
            {
              "status": "affected",
              "version": "5.0.03072"
            },
            {
              "status": "affected",
              "version": "5.0.03076"
            },
            {
              "status": "affected",
              "version": "5.0.04032"
            },
            {
              "status": "affected",
              "version": "5.0.05040"
            },
            {
              "status": "affected",
              "version": "5.1.0.136"
            },
            {
              "status": "affected",
              "version": "5.1.1.42"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T16:30:02.285Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-secure-client-crlf-W43V4G7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7"
        }
      ],
      "source": {
        "advisory": "cisco-sa-secure-client-crlf-W43V4G7",
        "defects": [
          "CSCwi37512"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20337",
    "datePublished": "2024-03-06T16:30:02.285Z",
    "dateReserved": "2023-11-08T15:08:07.642Z",
    "dateUpdated": "2024-08-01T21:59:42.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7472 (GCVE-0-2024-7472)

Vulnerability from cvelistv5 – Published: 2024-10-29 12:49 – Updated: 2025-10-15 12:49
VLAI
Title
Email Injection Vulnerability in lunary-ai/lunary
Summary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application's brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-93 - Improper Neutralization of CRLF Sequences
Assigner
Impacted products
Vendor Product Version
lunary-ai lunary-ai/lunary Affected: unspecified , < 1.4.10 (custom)
Create a notification for this product.
lunary-ai lunary Affected: 0 , < 1.4.10 (custom)
    cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lunary",
            "vendor": "lunary-ai",
            "versions": [
              {
                "lessThan": "1.4.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7472",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-29T13:52:29.227453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T18:15:43.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lunary-ai/lunary",
          "vendor": "lunary-ai",
          "versions": [
            {
              "lessThan": "1.4.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \\xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application\u0027s brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93 Improper Neutralization of CRLF Sequences",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T12:49:50.209Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/dc1feec6-1efb-4538-9b56-ab25deb80948"
        },
        {
          "url": "https://github.com/lunary-ai/lunary/commit/a39837d7c49936a0c435d241f37ca2ea7904d2cd"
        }
      ],
      "source": {
        "advisory": "dc1feec6-1efb-4538-9b56-ab25deb80948",
        "discovery": "EXTERNAL"
      },
      "title": "Email Injection Vulnerability in lunary-ai/lunary"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-7472",
    "datePublished": "2024-10-29T12:49:50.701Z",
    "dateReserved": "2024-08-04T13:38:41.689Z",
    "dateUpdated": "2025-10-15T12:49:50.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5193 (GCVE-0-2024-5193)

Vulnerability from cvelistv5 – Published: 2024-05-22 10:31 – Updated: 2026-01-05 19:02 X_Open Source
VLAI
Title
Ritlabs TinyWeb Server Request crlf injection
Summary
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Ritlabs TinyWeb Server Affected: 1.94
Unaffected: 1.99
Create a notification for this product.
ritlabs tinyweb Affected: 1.94
    cpe:2.3:a:ritlabs:tinyweb:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Senatorhotchkiss (VulDB User) maximmasiutin (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ritlabs:tinyweb:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tinyweb",
            "vendor": "ritlabs",
            "versions": [
              {
                "status": "affected",
                "version": "1.94"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5193",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T15:07:07.893860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:01:44.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:11.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.265830"
          },
          {
            "name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.265830"
          },
          {
            "name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.333059"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/DMCERTCE/CRLF_Tiny"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Request Handler"
          ],
          "product": "TinyWeb Server",
          "vendor": "Ritlabs",
          "versions": [
            {
              "status": "affected",
              "version": "1.94"
            },
            {
              "status": "unaffected",
              "version": "1.99"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Senatorhotchkiss (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "maximmasiutin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CRLF Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T19:02:50.252Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection",
          "tags": [
            "vdb-entry",
            "technical-description",
            "mitigation",
            "patch"
          ],
          "url": "https://vuldb.com/?id.265830"
        },
        {
          "name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.265830"
        },
        {
          "name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.333059"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/DMCERTCE/CRLF_Tiny"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/maximmasiutin/TinyWeb/commit/d49c3da6a97e950975b18626878f3ee1f082358e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://www.masiutin.net/tinyweb-cve-2024-5193.html"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-05-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-01-05T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2026-01-05T20:07:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Ritlabs TinyWeb Server Request crlf injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-5193",
    "datePublished": "2024-05-22T10:31:04.297Z",
    "dateReserved": "2024-05-22T05:12:12.895Z",
    "dateUpdated": "2026-01-05T19:02:50.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation

Avoid using CRLF as a special sequence.

Mitigation
Implementation

Appropriately filter or quote CRLF sequences in user-controlled input.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.