Crowcpp Crow
6 CVEs affecting Crowcpp Crow. Latest disclosed: 2023-09-12. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-38667 | Critical | 9.8 | 2022-08-22 | HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HT… |
CVE-2022-34970 | Critical | 9.8 | 2022-08-04 | Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers… |
CVE-2022-38668 | High | 7.5 | 2022-08-22 | HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a s… |
CVE-2023-26142 | Medium | 6.5 | 2023-09-12 | All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not prop… |
CVE-2021-23824 | Medium | 6.5 | 2022-01-13 | This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional… |
CVE-2021-23514 | Medium | 6.5 | 2022-01-13 | This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server. |