CVE-2021-41084: Response Splitting from unsanitized headers

CVSS Score: 8.7 (version 3.1)

Basic Information

EPSS Score: 0.71903%
Published: 9/22/2021
Updated: 1/29/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.http4s:http4s-server | maven | <= 0.21.28 | 0.21.29 |
| org.http4s:http4s-client | maven | <= 0.21.28 | 0.21.29 |
| org.http4s:http4s-server | maven | >= 0.22.0, <= 0.22.4 | 0.22.5 |
| org.http4s:http4s-server | maven | >= 0.23.0, <= 0.23.3 | 0.23.4 |
| org.http4s:http4s-client | maven | >= 0.22.0, <= 0.22.4 | 0.22.5 |
| org.http4s:http4s-client | maven | >= 0.23.0, <= 0.23.3 | 0.23.4 |

Vulnerability Intelligence
Root Cause Analysis: In progress

WAF Protection Rules

WAF Rule

### Impact

http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields:

* Header names (`Header.name`)
* Header values (`Header.value`)
* Status reason phrases (`St

Reasoning

No analysis available