CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
CVE-2024-7472 (GCVE-0-2024-7472)
Vulnerability from cvelistv5
Published
2024-10-29 12:49
Modified
2025-10-15 12:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences
Summary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application's brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| lunary-ai | lunary-ai/lunary |
Version: unspecified < 1.4.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lunary",
"vendor": "lunary-ai",
"versions": [
{
"lessThan": "1.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7472",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:52:29.227453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T18:15:43.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lunary-ai/lunary",
"vendor": "lunary-ai",
"versions": [
{
"lessThan": "1.4.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \\xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application\u0027s brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:49:50.209Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/dc1feec6-1efb-4538-9b56-ab25deb80948"
},
{
"url": "https://github.com/lunary-ai/lunary/commit/a39837d7c49936a0c435d241f37ca2ea7904d2cd"
}
],
"source": {
"advisory": "dc1feec6-1efb-4538-9b56-ab25deb80948",
"discovery": "EXTERNAL"
},
"title": "Email Injection Vulnerability in lunary-ai/lunary"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-7472",
"datePublished": "2024-10-29T12:49:50.701Z",
"dateReserved": "2024-08-04T13:38:41.689Z",
"dateUpdated": "2025-10-15T12:49:50.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0293 (GCVE-0-2025-0293)
Vulnerability from cvelistv5
Published
2025-07-08 15:33
Modified
2025-07-08 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Summary
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ivanti | Connect Secure |
Patch: 22.7R2.8 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T16:02:39.689364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T16:02:46.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2.8",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R1.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk."
}
],
"impacts": [
{
"capecId": "CAPEC-75",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-75 Manipulating Writeable Configuration Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:33:05.165Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-0293",
"datePublished": "2025-07-08T15:33:05.165Z",
"dateReserved": "2025-01-07T02:28:05.650Z",
"dateUpdated": "2025-07-08T16:02:46.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41376 (GCVE-0-2025-41376)
Vulnerability from cvelistv5
Published
2025-08-01 12:29
Modified
2025-09-11 08:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC'.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LimeSurvey | LimeSurvey |
Version: 3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T13:18:13.156286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T13:18:25.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LimeSurvey",
"vendor": "LimeSurvey",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "B3xal"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCRLF Injection vulnerability in Limesurvey v2.65.1+170522. \u0026nbsp;This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via \u003c/span\u003e\u003cem\u003e\u0027/index.php/survey/index/sid/\u0026lt;SID\u0026gt;/token/fwyfw%0d%0aCookie:%20POC\u0027\u003c/em\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "CRLF Injection vulnerability in Limesurvey v2.65.1+170522. \u00a0This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via \u0027/index.php/survey/index/sid/\u003cSID\u003e/token/fwyfw%0d%0aCookie:%20POC\u0027."
}
],
"impacts": [
{
"capecId": "CAPEC-15",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-15 Command Delimiters"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T08:56:57.154Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CRLF Injection in Limesurvey",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41376",
"datePublished": "2025-08-01T12:29:59.023Z",
"dateReserved": "2025-04-16T09:57:07.297Z",
"dateUpdated": "2025-09-11T08:56:57.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57804 (GCVE-0-2025-57804)
Vulnerability from cvelistv5
Published
2025-08-25 21:04
Modified
2025-08-26 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Summary
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| python-hyper | h2 |
Version: < 4.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T19:14:14.359281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T19:14:49.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "h2",
"vendor": "python-hyper",
"versions": [
{
"status": "affected",
"version": "\u003c 4.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T21:04:52.642Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h"
},
{
"name": "https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a"
}
],
"source": {
"advisory": "GHSA-847f-9342-265h",
"discovery": "UNKNOWN"
},
"title": "h2 allows HTTP Request Smuggling due to illegal characters in headers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57804",
"datePublished": "2025-08-25T21:04:52.642Z",
"dateReserved": "2025-08-20T14:30:35.009Z",
"dateUpdated": "2025-08-26T19:14:49.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59419 (GCVE-0-2025-59419)
Vulnerability from cvelistv5
Published
2025-10-15 15:42
Modified
2025-10-17 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Summary
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) characters in user-supplied parameters. The vulnerability exists in io.netty.handler.codec.smtp.DefaultSmtpRequest, where parameters are directly concatenated into the SMTP command string without sanitization. When methods such as SmtpRequests.rcpt(recipient) are called with a malicious string containing CRLF sequences, attackers can inject arbitrary SMTP commands. Because the injected commands are sent from the server's trusted IP address, resulting emails will likely pass SPF and DKIM authentication checks, making them appear legitimate. This allows remote attackers who can control SMTP command parameters (such as email recipients) to forge arbitrary emails from the trusted server, potentially impersonating executives and forging high-stakes corporate communications. This issue has been patched in versions 4.1.129.Final and 4.2.8.Final. No known workarounds exist.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59419",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:21:01.815752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:21:14.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-17T19:44:00.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.depthfirst.com/post/our-ai-agent-found-a-netty-zero-day-that-bypasses-email-authentication-the-story-of-cve-2025-59419"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.7.Final"
},
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.1.128.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\\r) and Line Feed (\\n) characters in user-supplied parameters. The vulnerability exists in io.netty.handler.codec.smtp.DefaultSmtpRequest, where parameters are directly concatenated into the SMTP command string without sanitization. When methods such as SmtpRequests.rcpt(recipient) are called with a malicious string containing CRLF sequences, attackers can inject arbitrary SMTP commands. Because the injected commands are sent from the server\u0027s trusted IP address, resulting emails will likely pass SPF and DKIM authentication checks, making them appear legitimate. This allows remote attackers who can control SMTP command parameters (such as email recipients) to forge arbitrary emails from the trusted server, potentially impersonating executives and forging high-stakes corporate communications. This issue has been patched in versions 4.1.129.Final and 4.2.8.Final. No known workarounds exist."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T15:42:30.922Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86"
},
{
"name": "https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120"
}
],
"source": {
"advisory": "GHSA-jq43-27x9-3v86",
"discovery": "UNKNOWN"
},
"title": "Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59419",
"datePublished": "2025-10-15T15:42:30.922Z",
"dateReserved": "2025-09-15T19:13:16.904Z",
"dateUpdated": "2025-10-17T19:44:00.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6175 (GCVE-0-2025-6175)
Vulnerability from cvelistv5
Published
2025-07-29 12:22
Modified
2025-07-29 13:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Summary
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting.This issue affects Geodi: before GEODI Setup 9.0.146.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DECE Software | Geodi |
Version: 0 < GEODI Setup 9.0.146 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:26:03.658295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:26:13.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Geodi",
"vendor": "DECE Software",
"versions": [
{
"lessThan": "GEODI Setup 9.0.146",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Serhat Yapici"
},
{
"lang": "en",
"type": "sponsor",
"value": "Republic of T\u00fcrkiye Ministry of Trade"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027) vulnerability in DECE Software Geodi allows HTTP Request Splitting.\u003cp\u003eThis issue affects Geodi: before GEODI Setup 9.0.146.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027) vulnerability in DECE Software Geodi allows HTTP Request Splitting.This issue affects Geodi: before GEODI Setup 9.0.146."
}
],
"impacts": [
{
"capecId": "CAPEC-105",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-105 HTTP Request Splitting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T12:22:21.551Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-25-0182"
}
],
"source": {
"advisory": "TR-25-0182",
"defect": [
"TR-25-0182"
],
"discovery": "UNKNOWN"
},
"title": "CRLF Injection in DECE Software\u0027s Geodi",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-6175",
"datePublished": "2025-07-29T12:22:21.551Z",
"dateReserved": "2025-06-16T14:36:32.336Z",
"dateUpdated": "2025-07-29T13:26:13.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8419 (GCVE-0-2025-8419)
Vulnerability from cvelistv5
Published
2025-08-06 17:10
Modified
2025-09-04 15:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Summary
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.0 |
cpe:/a:redhat:build_keycloak:26.0 |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T17:23:42.798821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T17:23:54.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.0"
],
"defaultStatus": "unaffected",
"packageName": "org.keycloak/keycloak-services",
"product": "Red Hat build of Keycloak 26.0",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.0::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.0.15-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.0::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.0-18",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.0::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.0-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2"
],
"defaultStatus": "unaffected",
"packageName": "org.keycloak/keycloak-services",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2.8-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-8",
"versionType": "rpm"
}
]
}
],
"datePublic": "2025-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw\u0027s only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:00:09.820Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:15336",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15336"
},
{
"name": "RHSA-2025:15337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15337"
},
{
"name": "RHSA-2025:15338",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15338"
},
{
"name": "RHSA-2025:15339",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15339"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-8419"
},
{
"name": "RHBZ#2385776",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-31T14:11:31.674000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-08-06T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Org.keycloak/keycloak-services: keycloak smtp inject vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_redhatCweChain": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-8419",
"datePublished": "2025-08-06T17:10:02.560Z",
"dateReserved": "2025-07-31T14:26:59.052Z",
"dateUpdated": "2025-09-04T15:00:09.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8715 (GCVE-0-2025-8715)
Vulnerability from cvelistv5
Published
2025-08-14 13:00
Modified
2025-08-15 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Summary
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PostgreSQL |
Version: 17 < 17.6 Version: 16 < 16.10 Version: 15 < 15.14 Version: 14 < 14.19 Version: 11.20 < 13.22 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T03:55:56.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6",
"status": "affected",
"version": "17",
"versionType": "rpm"
},
{
"lessThan": "16.10",
"status": "affected",
"version": "16",
"versionType": "rpm"
},
{
"lessThan": "15.14",
"status": "affected",
"version": "15",
"versionType": "rpm"
},
{
"lessThan": "14.19",
"status": "affected",
"version": "14",
"versionType": "rpm"
},
{
"lessThan": "13.22",
"status": "affected",
"version": "11.20",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "attacker can direct pg_dump to a chosen origin server or has permission to create non-temporary objects in at least one schema that pg_dump will export"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Noah Misch for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T13:00:07.753Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2025-8715/"
}
],
"title": "PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server",
"workarounds": [
{
"lang": "en",
"value": "To block attacks against the psql client, use \"pg_restore --dbname\" instead of restore methods that involve \"psql\". To block SQL injection against the restore target server, revoke the CREATE permission from non-superusers at the origin server."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2025-8715",
"datePublished": "2025-08-14T13:00:07.753Z",
"dateReserved": "2025-08-07T16:39:47.692Z",
"dateUpdated": "2025-08-15T03:55:56.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- Avoid using CRLF as a special sequence.
Mitigation
Phase: Implementation
Description:
- Appropriately filter or quote CRLF sequences in user-controlled input.
CAPEC-15: Command Delimiters
An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.