cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.
{ "binaries": [ { "binary_name": "libcpp-httplib-dev", "binary_version": "0.10.3+ds-1" }, { "binary_name": "libcpp-httplib0", "binary_version": "0.10.3+ds-1" } ] }
{ "binaries": [ { "binary_name": "libcpp-httplib-dev", "binary_version": "0.14.3+ds-1.1build2" }, { "binary_name": "libcpp-httplib0.14t64", "binary_version": "0.14.3+ds-1.1build2" } ] }
{ "binaries": [ { "binary_name": "libcpp-httplib-dev", "binary_version": "0.18.7-1" }, { "binary_name": "libcpp-httplib0.18", "binary_version": "0.18.7-1" } ] }