CVE-2023-41834
CVE-2023-41834 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0. EPSS estimates a 1.61% chance of exploitation in the next 30 days.
Description
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
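The weakness class behind this CVE (CWE-style "improper neutralization of CRLF sequences in HTTP headers") is straightforward to guard against at the point where header values are emitted, and easy to look for in access logs. The following is an added example, not code from the Apache Flink Stateful Functions project: a small header serializer that refuses any name or value carrying CR or LF, and a log scan that flags request targets whose percent-decoded form contains those characters. The endpoint paths and log lines are constructed for illustration and do not describe the affected product.

```python
import re
from urllib.parse import unquote

# CR and LF end a header line in HTTP/1.x. A value that contains them can
# terminate the current header and start a new one (or, after a blank line,
# a new body), which is what "HTTP response splitting" means.
_CRLF_RE = re.compile(r"[\r\n]")

# RFC 9110 "token" characters: the only characters legal in a header name.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class HeaderInjectionError(ValueError):
    """Raised when a header name or value could split the response."""


def is_safe_header_value(value: str) -> bool:
    """True when the value contains no CR or LF characters."""
    return _CRLF_RE.search(value) is None


def build_response_headers(headers: dict[str, str]) -> bytes:
    """Serialize headers for an HTTP/1.x response, rejecting CRLF injection.

    Each name must be a valid token and each value must be free of CR/LF;
    otherwise HeaderInjectionError is raised instead of emitting a split
    response. Returns the header block terminated by the blank line.
    """
    lines = []
    for name, value in headers.items():
        if not _TOKEN_RE.match(name):
            raise HeaderInjectionError(f"illegal header name: {name!r}")
        if not is_safe_header_value(value):
            raise HeaderInjectionError(f"CR/LF in value of header {name!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


# Constructed sample access-log lines (Common Log Format); the hostnames,
# paths and timestamps are made up for this example.
SAMPLE_ACCESS_LOG = [
    '198.51.100.7 - - [19/Sep/2023:10:00:01 +0000] "GET /api/ping HTTP/1.1" 200 17',
    '198.51.100.9 - - [19/Sep/2023:10:00:02 +0000] '
    '"GET /api/ping?name=x%0d%0aSet-Cookie:%20a=b HTTP/1.1" 200 17',
    '198.51.100.7 - - [19/Sep/2023:10:00:03 +0000] "GET /api/ping?name=alice HTTP/1.1" 200 17',
]


def request_target(log_line: str) -> str:
    """Return the request-target (path and query) from a CLF log line."""
    start = log_line.index('"') + 1
    end = log_line.index('"', start)
    return log_line[start:end].split()[1]


def has_encoded_crlf(target: str) -> bool:
    """True when the percent-decoded request target contains CR or LF."""
    return _CRLF_RE.search(unquote(target)) is not None


def flag_crlf_requests(log_lines: list[str]) -> list[str]:
    """Return the log lines whose request target decodes to contain CR/LF.

    This is a cheap detection pass for the weakness class described above;
    a hit warrants a look at the service, not proof of exploitation.
    """
    return [line for line in log_lines if has_encoded_crlf(request_target(line))]


if __name__ == "__main__":
    print(build_response_headers({"Content-Type": "text/plain"}).decode())
    for hit in flag_crlf_requests(SAMPLE_ACCESS_LOG):
        print("suspicious:", hit)
```

The serializer rejects rather than strips, because silently removing CR/LF can change the meaning of a value that was built from attacker-controlled input; raising makes the bad request visible to whoever reviews the error. The log scan decodes before matching so that `%0d%0a` and `%0D%0A` are treated the same as literal line breaks.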
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Flink Stateful Functions | >= 3.1.0, <= 3.2.0 |
References
- http://www.openwall.com/lists/oss-security/2023/09/19/3 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm (Mailing List, Vendor Advisory)
Source: NVD / NIST