PT-2025-26849 · URIs.jl +1
Splitline · Published 2025-06-25 · Updated 2025-10-08 · CVE-2025-52479
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
HTTP.jl versions prior to 1.10.17
URIs.jl versions prior to 1.6.0
Description:
The issue allows the construction of URIs containing CR/LF characters, which can lead to a CRLF injection attack if user input is not properly escaped or protected.
Recommendations:
For HTTP.jl versions prior to 1.10.17, upgrade to HTTP.jl v1.10.17.
For URIs.jl versions prior to 1.6.0, upgrade to URIs.jl v1.6.0.
As a temporary workaround, manually validate any URIs before passing them on to functions in this package.
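One way to apply the temporary workaround, shown as an added example that is not code from HTTP.jl, URIs.jl or the advisory: percent-encode untrusted components and refuse any URI string that still contains CR, LF, other control characters or whitespace. The helper names `encode_component` and `assert_safe_uri`, the host and the sample input are assumptions; only Julia Base is used.

```julia
# Added example: reject unsafe URI strings before they reach HTTP.jl / URIs.jl.
# `encode_component` and `assert_safe_uri` are hypothetical helper names.

# Percent-encode every byte that is not an RFC 3986 "unreserved" character,
# so CR and LF in untrusted input never appear raw in the URI.
function encode_component(s::AbstractString)
    io = IOBuffer()
    for b in codeunits(String(s))
        c = Char(b)
        if b < 0x80 && (isletter(c) || isdigit(c) || c in "-._~")
            write(io, b)
        else
            print(io, '%', uppercase(string(b, base=16, pad=2)))
        end
    end
    return String(take!(io))
end

# Return `uri` unchanged, or throw if it holds any control character
# (CR and LF included) or whitespace, none of which is valid in a URI.
function assert_safe_uri(uri::AbstractString)
    for (i, c) in pairs(uri)
        if iscntrl(c) || isspace(c)
            throw(ArgumentError("illegal character $(repr(c)) at index $i in URI"))
        end
    end
    return uri
end

untrusted = "term\r\nsecond line"            # constructed sample input
base = "http://example.invalid/search?q="    # placeholder host

# Encoded input passes the check and is returned unchanged.
println(assert_safe_uri(base * encode_component(untrusted)))

# Raw concatenation is refused before any request is built.
try
    assert_safe_uri(base * untrusted)
catch err
    println("rejected: ", err.msg)
end
```

Call the check at the last point before the string is handed to the package, so values assembled from several inputs are validated as a whole.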
Affected Products:
HTTP.jl
URIs.jl