CVE-2023-37978

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Nov 13, 2023
Updated: Nov 17, 2023
CWE ID 918

Summary

CVE-2023-37978 is a Server-Side Request Forgery (SSRF) vulnerability affecting the HTTP Headers library, specifically versions from n/a to 1.18.11. An attacker could exploit this issue by manipulating malicious HTTP headers to trigger the server to send requests to arbitrary internal resources, potentially gaining unauthorized access to sensitive information or executing unintended actions. This vulnerability poses a significant risk to systems using the affected HTTP Headers library and requires immediate attention and patching to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share