CVE Vulnerability

CVE-2020-7695

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471 Exploit Third Party Advisory
https://github.com/encode/uvicorn Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:encode:uvicorn:*:*:*:*:*:*:*:*
Information

Published : 2020-07-27 12:15

Updated : 2023-01-31 05:26

NVD link : CVE-2020-7695

Mitre link : CVE-2020-7695

Products Affected
No products.
CWE
CWE-74