CVE-2024-53693

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-93
View all →

Vulnerability Description

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

Related Vulnerabilities

CVE-2020-11078

MEDIUM
CVSS:6.8(Medium)

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. Th...

CWE-932020

CVE-2016-10803

HIGH
CVSS:7.5(High)

cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

CWE-932016

CVE-2018-1000164

HIGH
CVSS:7.5(High)

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attac...

CWE-932018

CVE-2018-12477

HIGH
CVSS:7.5(High)

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affecte...

CWE-932018

CVE-2018-19585

HIGH
CVSS:7.5(High)

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

CWE-932018

CVE-2019-10678

HIGH
CVSS:7.5(High)

Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.

CWE-932019