CVE-2020-11709: Injection Vulnerability

April 12, 2020 (updated April 13, 2020)

cpp-httplib does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.

References

nvd.nist.gov/vuln/detail/CVE-2020-11709

Code Behaviors & Features

Detect and mitigate CVE-2020-11709 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →