GHSA-fg5q-r2q5-qmh3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fg5q-r2q5-qmh3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fg5q-r2q5-qmh3/GHSA-fg5q-r2q5-qmh3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fg5q-r2q5-qmh3
- Aliases
- Published
- 2022-05-17T03:57:20Z
- Modified
- 2024-04-23T23:11:42.811389Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Drupal CRLF injection vulnerability in the drupal_set_header function
- Details
-
CRLF injection vulnerability in the drupalsetheader function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
- Database specific
{ "nvd_published_at": "2016-04-12T15:59:00Z", "cwe_ids": [ "CWE-113" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-23T22:29:18Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-3166
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3166.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3166.yaml
- https://github.com/drupal/core
- https://www.drupal.org/SA-CORE-2016-001
- http://www.debian.org/security/2016/dsa-3498
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/03/15/10
Affected packages
Packagist / drupal/core
Package
- Name
- drupal/core
- Purl
- pkg:composer/drupal/core
Packagist / drupal/drupal
Package
- Name
- drupal/drupal
- Purl
- pkg:composer/drupal/drupal