CVE-2025-61689 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values fo…
High CVSS: 8.7

CVE-2025-61689

HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header injection, leading to cache poisoning, XSS, session fixation, and more. This issue is fixed in HTTP.jl `v1.10.19`.
Vendor
-
Product
-
CWE
CWE-113
Yayın Tarihi
2025-10-10 17:15:39
Güncelleme
2025-10-14 19:36:59
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-113 HIGH 2025

Referanslar

https://github.com/JuliaWeb/HTTP.jl/releases/tag/v1.10.19 https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-h3x8-ppwj-6vcj