PT-2025-41579 · Http.Jl · Http.Jl

Chen T · Published 2025-10-10 · Updated 2025-10-14 · CVE-2025-61689

CVSS v4.0: 9.2 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions

HTTP.jl versions prior to 1.10.19

Description

HTTP.jl, an HTTP client and server for the Julia programming language, did not properly validate header names and values, creating a risk of header injection and response splitting. This could lead to several security issues, including cache poisoning, cross-site scripting (XSS), and session fixation. The issue stems from a lack of validation for illegal characters in header data. The vulnerable component is the handling of HTTP headers.

Recommendations

Update HTTP.jl to version 1.10.19 or later.
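
The kind of check whose absence the description refers to, as an added example: it is not HTTP.jl's code and not the fix shipped in 1.10.19. The function names are hypothetical, the rules follow the RFC 9110 field-name token grammar plus a control-character ban on values, and the sample headers are constructed.

```julia
# Added example: validate header names and values before they are written
# to the wire. Function names are hypothetical, not part of HTTP.jl.

# Non-alphanumeric characters allowed in a field name (RFC 9110 "tchar").
const TCHAR_EXTRA = Set("!#\$%&'*+-.^_`|~")

is_tchar(c::Char) = isascii(c) && (isletter(c) || isdigit(c) || c in TCHAR_EXTRA)

# A field name must be a non-empty token: no spaces, colons, CR or LF.
valid_header_name(name::AbstractString) = !isempty(name) && all(is_tchar, name)

# A field value must not contain control characters. CR and LF would end the
# header line early, which is what makes injection and splitting possible.
# Horizontal tab is the one control character allowed inside a value.
function valid_header_value(value::AbstractString)
    for c in value
        c == '\t' && continue
        iscntrl(c) && return false   # covers \r, \n, \0 and DEL
    end
    return true
end

# Reject the whole header set on the first illegal name or value.
function check_headers(headers)
    for (name, value) in headers
        valid_header_name(name) ||
            throw(ArgumentError("illegal header name: $(repr(name))"))
        valid_header_value(value) ||
            throw(ArgumentError("illegal header value for $(repr(name))"))
    end
    return headers
end

# Constructed sample input: two well-formed headers and two malformed ones.
samples = [
    "X-Request-Id" => "abc123",
    "X-Note"       => "a\tb",
    "X-Echo"       => "value\r\nInjected: 1",
    "Bad Name"     => "x",
]

for (n, v) in samples
    ok = valid_header_name(n) && valid_header_value(v)
    println(rpad(repr(n), 16), " => ", rpad(repr(v), 26), ok ? "accept" : "reject")
end
```

Applications that copy untrusted input into headers can run a check like this at the point where the header is built, in addition to updating HTTP.jl.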

Related Identifiers

CVE-2025-61689
GHSA-H3X8-PPWJ-6VCJ
JLSEC-2025-40

Affected Products

Http.Jl