CVE-2023-41834

CVSS V2 None CVSS V3 None
Description
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
Overview
  • CVE ID
  • CVE-2023-41834
  • Assigner
  • apache
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-09-19T12:34:16.970Z
  • Last Modified Date
  • 2023-09-19T12:34:16.970Z
Weakness Enumerations
CWE URL
CWE-113 http://cwe.mitre.org/data/definitions/113.html
CWE-74 http://cwe.mitre.org/data/definitions/74.html
References
Reference URL Reference Tags
https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm vendor-advisory
http://www.openwall.com/lists/oss-security/2023/09/19/3
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-41834
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41834
History
Created Old Value New Value Data Type Notes
2024-06-25 03:14:23 Added to TrackCVE