2025-02-04 14:11:51
Checkmarx
PUBLISHED
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("rn") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.