Vulnerabilities > Improper Neutralization of CRLF Sequences ('CRLF Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-27 | CVE-2018-6148 | CRLF Injection vulnerability in Google Chrome Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
| 2019-05-17 | CVE-2018-19585 | CRLF Injection vulnerability in Gitlab GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. | 7.5 |
| 2019-04-30 | CVE-2019-10272 | CRLF Injection vulnerability in Weaver E-Cology 9.0 An issue was discovered in Weaver e-cology 9.0. | 6.1 |
| 2019-04-15 | CVE-2019-11236 | CRLF Injection vulnerability in Python Urllib3 0.3 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | 6.1 |
| 2019-03-31 | CVE-2019-10678 | CRLF Injection vulnerability in Domoticz Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. | 7.5 |
| 2019-03-23 | CVE-2019-9947 | CRLF Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. | 6.1 |
| 2019-03-13 | CVE-2019-9741 | CRLF Injection vulnerability in multiple products An issue was discovered in net/http in Go 1.11.5. | 6.1 |
| 2019-03-13 | CVE-2019-9740 | CRLF Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. | 6.1 |
| 2019-02-03 | CVE-2019-7313 | CRLF Injection vulnerability in Buildbot www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. | 6.1 |
| 2018-10-09 | CVE-2018-12477 | CRLF Injection vulnerability in Opensuse Leap 15.0/42.3 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. | 7.5 |