Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser.
Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/09/19/3 | Mailing List Third Party Advisory |
https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm | Mailing List Vendor Advisory |
Configurations
History
22 Sep 2023, 19:24
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm - Mailing List, Vendor Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/09/19/3 - Mailing List, Third Party Advisory | |
First Time |
Apache
Apache flink Stateful Functions |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:apache:flink_stateful_functions:*:*:*:*:*:*:*:* |
19 Sep 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Sep 2023, 13:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-19 13:16
Updated : 2023-12-10 15:14
NVD link : CVE-2023-41834
Mitre link : CVE-2023-41834
CVE.ORG link : CVE-2023-41834
JSON object : View
Products Affected
apache
- flink_stateful_functions