Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers…
apache·CWE-74·Published 2023-09-19
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
La Neutralización Inadecuada de Secuencias CRLF en encabezados HTTP en Apache Flink Stateful Functions 3.1.0, 3.1.1 y 3.2.0 permite a atacantes remotos inyectar encabezados HTTP arbitrarios y realizar ataques de división de respuestas HTTP a través de solicitudes HTTP manipuladas. Los atacantes podrían potencialmente inyectar contenido malicioso en la respuesta HTTP que se envía al navegador del usuario. Los usuarios deben actualizar a Apache Flink Stateful Functions versión 3.3.0.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |