How severe is CVE-2024-1226?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-1226?

This is classified as CWE-93, which is a common weakness in software security.

CVE-2024-1226

HIGH Year: 2024

CVSS v3 Score

7.5

High

Weakness Type

CWE-93

View all →

Vulnerability Description

The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.

CVE-2016-10803

HIGH

CVSS:7.5(High)

cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

CWE-932016

CVE-2018-1000164

HIGH

CVSS:7.5(High)

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attac...

CWE-932018

CVE-2018-12477

HIGH

CVSS:7.5(High)

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affecte...

CWE-932018

CVE-2018-19585

HIGH

CVSS:7.5(High)

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

CWE-932018