CVE-2026-43966
- EPSS 0.31%
- Veröffentlicht 08.06.2026 16:34:33
- Zuletzt bearbeitet 09.06.2026 15:20:13
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2...
- EPSS 0.22%
- Veröffentlicht 11.05.2026 18:06:42
- Zuletzt bearbeitet 21.05.2026 13:59:07
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against...
CVE-2026-7790
- EPSS 0.43%
- Veröffentlicht 11.05.2026 18:06:41
- Zuletzt bearbeitet 13.05.2026 15:57:03
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit c...
CVE-2026-43969
- EPSS 0.15%
- Veröffentlicht 11.05.2026 18:06:40
- Zuletzt bearbeitet 21.05.2026 13:57:49
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie...