Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38668 | 1 Crowcpp | 1 Crow | 2023-08-08 | N/A | 7.5 HIGH |
| HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | |||||
| CVE-2021-23824 | 1 Crowcpp | 1 Crow | 2022-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability. | |||||
| CVE-2021-23514 | 1 Crowcpp | 1 Crow | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server. | |||||