Filtered by vendor Crowcpp
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34970 | 1 Crowcpp | 1 Crow | 2024-02-04 | N/A | 9.8 CRITICAL |
Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service. | |||||
CVE-2022-38667 | 1 Crowcpp | 1 Crow | 2024-02-04 | N/A | 9.8 CRITICAL |
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. | |||||
CVE-2022-38668 | 1 Crowcpp | 1 Crow | 2024-02-04 | N/A | 7.5 HIGH |
HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | |||||
CVE-2021-23824 | 1 Crowcpp | 1 Crow | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability. | |||||
CVE-2021-23514 | 1 Crowcpp | 1 Crow | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server. |