
Hritik14

#15546 of 53,630
17.4 Total CVSS
Vulnerabilities · 2
High
2
PT-2026-2292
8.7
2026-01-12
Unknown · Cpp-Httplib · CVE-2026-22776
**Name of the Vulnerable Software and Affected Versions**

cpp-httplib versions prior to 0.30.1

**Description**

A potential denial of service (DoS) condition exists in cpp-httplib due to the way it handles compressed HTTP request bodies, specifically those using gzip or br compression. The library checks the `payload_max_length` against the compressed data size received, but does not limit the size of the decompressed data stored in memory. This can lead to excessive memory consumption and potentially cause a DoS.

**Recommendations**

Update cpp-httplib to version 0.30.1 or later.
PT-2026-1013
8.7
2026-01-01
Unknown · Cpp-Httplib · CVE-2026-21428
**Name of the Vulnerable Software and Affected Versions**

cpp-httplib versions prior to 0.30.0

**Description**

The `write_headers` function in cpp-httplib does not properly validate user-supplied headers, specifically failing to check for carriage return (CR) and line feed (LF) characters. This allows attackers to inject additional headers, potentially modify the request body, and trigger a Server-Side Request Forgery (SSRF) attack. When used with servers supporting HTTP/1.1 pipelining, the risk of SSRF is increased. The vulnerable component is the `write_headers` function.

**Recommendations**

Update to version 0.30.0 or later.