Vulnerabilities > Improper Neutralization of CRLF Sequences ('CRLF Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-27 | CVE-2018-6148 | CRLF Injection vulnerability in Google Chrome Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
| 2019-05-17 | CVE-2018-19585 | CRLF Injection vulnerability in Gitlab GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. | 5.0 |
| 2019-04-30 | CVE-2019-10272 | CRLF Injection vulnerability in Weaver E-Cology 9.0 An issue was discovered in Weaver e-cology 9.0. | 4.3 |
| 2019-04-15 | CVE-2019-11236 | CRLF Injection vulnerability in Python Urllib3 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | 6.1 |
| 2019-03-31 | CVE-2019-10678 | CRLF Injection vulnerability in Domoticz Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. | 5.0 |
| 2019-03-23 | CVE-2019-9947 | CRLF Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. | 6.1 |
| 2019-03-13 | CVE-2019-9741 | CRLF Injection vulnerability in multiple products An issue was discovered in net/http in Go 1.11.5. | 6.1 |
| 2019-03-13 | CVE-2019-9740 | CRLF Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. | 6.1 |
| 2019-02-03 | CVE-2019-7313 | CRLF Injection vulnerability in Buildbot www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. | 5.8 |
| 2019-01-25 | CVE-2019-6802 | CRLF Injection vulnerability in Python Pypiserver CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. | 4.3 |