Vulnerabilities > Crowcpp

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-26142 Injection vulnerability in Crowcpp Crow 1.0+5
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values.
network
low complexity
crowcpp CWE-74
6.1
2022-08-22 CVE-2022-38667 Use After Free vulnerability in Crowcpp Crow
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used.
network
low complexity
crowcpp CWE-416
critical
9.8
2022-08-22 CVE-2022-38668 Use of Uninitialized Resource vulnerability in Crowcpp Crow 1.0+4
HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB.
network
low complexity
crowcpp CWE-908
7.5
2022-08-04 CVE-2022-34970 Off-by-one Error vulnerability in Crowcpp Crow
Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h.
network
low complexity
crowcpp CWE-193
critical
9.8
2022-01-13 CVE-2021-23824 Cross-site Scripting vulnerability in Crowcpp Crow
This affects the package Crow before 0.3+4.
network
low complexity
crowcpp CWE-79
6.1
2022-01-13 CVE-2021-23514 Path Traversal vulnerability in Crowcpp Crow
This affects the package Crow before 0.3+4.
network
low complexity
crowcpp CWE-22
7.5