1 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as extra headers, or even a second request. For example, consider a URLRequest to http://example.com/ with the GET method. Suppose we set the URLRequest header "Foo" to the value "Bar Extra-Header: Added GET /other HTTP/1.1". • https://github.com/apple/swift-corelibs-foundation/security/advisories/GHSA-4pp3-mpf2-rj63 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •