Vulnerabilities > Drogon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-06 | CVE-2023-26137 | HTTP Request Smuggling vulnerability in Drogon All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. | 6.1 |
| 2023-07-06 | CVE-2023-26138 | Injection vulnerability in Drogon All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. | 4.3 |
| 2022-11-11 | CVE-2022-3959 | Use of Insufficiently Random Values vulnerability in Drogon A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. | 5.3 |