CVE-2023-26142

Name of the Vulnerable Software and Affected Versions crow (affected versions not specified)

Description The issue concerns HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set header and add header functions. An attacker can add the r (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.