GCVE - cpe:2.3:a:n/a:drogonframework/drogon:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:drogonframework/drogon:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Drogonframework/Drogon (`1c2ffeb2-3816-5e21-a0b5-a94d08b5595a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-26138`	vulnerable	2026-06-08 05:57:38.703021	Details available MEDIUM (5.4) All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. Published: 2023-07-06T05:00:01.214Z Updated: 2024-11-19T18:57:08.451Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-5665555 https://gist.github.com/dellalibera/d2abd809f32ec6c61be1f41d80edf61b	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-26137`	vulnerable	2026-06-08 05:57:38.701546	Details available HIGH (7.2) All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. Published: 2023-07-06T05:00:03.695Z Updated: 2024-11-19T18:56:29.683Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-5665554 https://gist.github.com/dellalibera/666d67165830ded052a1ede2d2c0b02a	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25297`	vulnerable	2026-06-08 05:41:45.678003	Arbitrary File Write HIGH (7.5) This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder. Published: 2022-02-21T08:00:17.382Z Updated: 2024-09-16T17:03:37.145Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-2407243 https://github.com/drogonframework/drogon/commit/3c785326c63a34aa1799a639ae185bc9453cb447 https://github.com/drogonframework/drogon/pull/1174	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.