PT-2023-20526 · Unknown · Ithewei/Libhv

Alessio Della Libera · Published 2023-09-28 · Updated 2023-10-02 · CVE-2023-26148

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: ithewei/libhv, all versions

Description: The issue affects the ithewei/libhv package, where untrusted user input used to set request headers can lead to CRLF Injection. An attacker can inject additional headers into the request by adding carriage return and line feed (\r\n) characters.

Recommendations: For all versions, consider restricting the use of untrusted user input in setting request headers until a patch is available. As a temporary workaround, validate and sanitize all user input to prevent the injection of malicious characters, such as \r\n.
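
One way to apply the workaround above, as an added example that is not libhv code and calls no libhv API: every untrusted string passes an RFC 7230 style check before it reaches the header map handed to the HTTP client. The names `set_header_checked`, `rejected` and `serialize`, and the `Headers` map type, are hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>
using Headers = std::map<std::string, std::string>;  // stand-in for the client's header map (assumption)

// Header names must be RFC 7230 "token" characters only: no spaces, colons or control bytes.
bool valid_header_name(const std::string& name) {
    static const std::string extra = "!#$%&'*+-.^_`|~";
    if (name.empty()) return false;
    for (unsigned char c : name)
        if (!std::isalnum(c) && extra.find(static_cast<char>(c)) == std::string::npos)
            return false;
    return true;
}

// Header values: reject CR, LF, NUL and every other control byte except horizontal tab.
bool valid_header_value(const std::string& value) {
    for (unsigned char c : value)
        if ((c < 0x20 && c != '\t') || c == 0x7f) return false;
    return true;
}

// Hypothetical wrapper: the single path by which untrusted input may set a request header.
void set_header_checked(Headers& h, const std::string& name, const std::string& value) {
    if (!valid_header_name(name)) throw std::invalid_argument("bad header name");
    if (!valid_header_value(value)) throw std::invalid_argument("bad header value");
    h[name] = value;
}

// Serialise the way an HTTP/1.1 client writes the header block, to show what reaches the wire.
std::string serialize(const Headers& h) {
    std::string out;
    for (const auto& kv : h) out += kv.first + ": " + kv.second + "\r\n";
    return out + "\r\n";
}

// Returns true when the input was refused and the header map left unchanged.
bool rejected(Headers& h, const std::string& name, const std::string& value) {
    try { set_header_checked(h, name, value); return false; }
    catch (const std::invalid_argument&) { return true; }
}

int main() {
    Headers h;  // constructed sample input: a value carrying CRLF plus a second header
    std::cout << rejected(h, "X-Trace", "id\r\nX-Extra: 1") << "\n" << serialize(h);
}
```

Rejecting the input is preferable to stripping the bytes, because a silently rewritten value hides the attempt from logs and can still change the meaning of the header.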

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2023-26148

Affected Products

Ithewei/Libhv