Home > Vulnerability Database > CVE-2020-24275

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2020-24275

Date: July 19, 2023

A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.

Language: C++

Severity Score

6.5

Related Resources (6)

Url: https://github.com/swoole/swoole-src/pull/3539

Url: https://blog.cal1.cn/post/HTTP%20Response%20Header%20Injection%20in%20Swoole%3C%3D4.5.2

Url: https://github.com/swoole/swoole-src/pull/3545

Url: https://portswigger.net/kb/issues/00200200_http-response-header-injection

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-24275

Url: https://www.mend.io/vulnerability-database/CVE-2020-24275

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Do you need more information?

Contact Us