Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507). References: https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280 https://github.com/yhirose/cpp-httplib/releases/tag/v0.12.4 https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
Created cpp-httplib tracking bugs for this issue: Affects: fedora-all [bug 2211078] Created et tracking bugs for this issue: Affects: epel-all [bug 2211077] Affects: fedora-all [bug 2211079]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.