Cpan · Tiny-Http · CVE-2026-7010
**Name of the Vulnerable Software and Affected Versions**
HTTP::Tiny versions prior to 0.093
**Description**
Perl HTTP::Tiny fails to validate CRLF (Carriage Return Line Feed) sequences in HTTP request lines or control field header values. The issue involves unvalidated inputs including the method and URI in the request line, the URL host used for the "Host:" header, and HTTP/1.1 control data field values. An attacker controlling these inputs, such as through a user-supplied URL in a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.
**Recommendations**
Update to version 0.093 or later.
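As a stopgap or defence in depth for code that passes user-supplied URLs to HTTP::Tiny, the caller can confirm the installed version and reject the inputs named in the description before any request is made. This is an added example, not code from HTTP::Tiny or the advisory; the function names `http_tiny_is_patched` and `unsafe_request_parts` and the sample inputs are hypothetical.

```perl
#!/usr/bin/env perl
# Added example: caller-side guard for untrusted input handed to HTTP::Tiny.
use strict;
use warnings;
use HTTP::Tiny;

my $FIXED = '0.093';    # fixed release named in the advisory

# True when the installed HTTP::Tiny is at least the fixed release.
# UNIVERSAL::VERSION dies if the loaded module is older than the argument.
sub http_tiny_is_patched {
    return eval { HTTP::Tiny->VERSION($FIXED); 1 } ? 1 : 0;
}

# Return the reasons to reject a request; an empty list means it is clean.
# Covers the inputs the advisory lists: method, URL (request target and
# host) and header field values.
sub unsafe_request_parts {
    my ($method, $url, $headers) = @_;
    my @problems;

    # The method must be an HTTP token: no whitespace or control characters.
    push @problems, 'method is not a valid token'
        unless defined $method
            && $method =~ /\A[!#\$%&'*+\-.^_`|~0-9A-Za-z]+\z/;

    # A URL carries no raw control characters or spaces (they are
    # percent-encoded), so any such byte is grounds for rejection.
    push @problems, 'URL contains control characters or whitespace'
        if !defined $url || $url =~ /[\x00-\x20\x7f]/;

    for my $name (sort keys %{ $headers || {} }) {
        my $v = $headers->{$name};
        for my $value (ref($v) eq 'ARRAY' ? @$v : $v) {
            push @problems, "header '$name' value contains CR, LF or NUL"
                if defined $value && $value =~ /[\r\n\0]/;
        }
    }
    return @problems;
}

# Constructed sample inputs (not taken from the advisory).
my @samples = (
    [ 'GET', 'https://example.test/hook', { 'X-Trace' => 'abc' } ],
    [ 'GET', "https://example.test/hook\r\nX-Injected: 1", {} ],
    [ 'GET', 'https://example.test/hook', { 'X-Trace' => "abc\r\nX-Injected: 1" } ],
);
printf "HTTP::Tiny %s patched: %s\n", HTTP::Tiny->VERSION,
    http_tiny_is_patched() ? 'yes' : 'no';
for my $s (@samples) {
    my @why = unsafe_request_parts(@$s);
    print @why ? "REJECT: " . join('; ', @why) . "\n" : "OK\n";
}
```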