Vulnerabilities > Drogon

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-06	CVE-2023-26137	HTTP Request Smuggling vulnerability in Drogon All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. network low complexity drogon CWE-444	6.1
2023-07-06	CVE-2023-26138	Injection vulnerability in Drogon All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. network low complexity drogon CWE-74	4.3
2022-11-11	CVE-2022-3959	Use of Insufficiently Random Values vulnerability in Drogon A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. network low complexity drogon CWE-330	5.3
2022-02-21	CVE-2022-25297	Files or Directories Accessible to External Parties vulnerability in Drogon This affects the package drogonframework/drogon before 1.7.5. network low complexity drogon CWE-552	6.5
2021-08-04	CVE-2021-35397	Path Traversal vulnerability in Drogon A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. network low complexity drogon CWE-22	5.0

Vulnerabilities > Drogon {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Drogon"}]}