H1-2861797 — Vulnetix

H1-2861797 PUBLISHED

curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection

Exploit Intelligence

curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection (hackerone)
curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection (hackerone)
glcve_test.go (github-poc)

Timeline

Jul 7, 2025 CVE Published
Jul 7, 2025 PoC Published

References

curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›