Jjjsmz

**Name of the Vulnerable Software and Affected Versions** cpp-httplib versions prior to 0.44.0 **Description** When the server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. Because the validity check `is field value()` is performed before decoding, encoded `%0D%0A` sequences pass the check and are subsequently expanded into literal `r ` byte pairs within the stored header value. **Recommendations** Update to version 0.44.0.