Common Weakness Enumeration

CWE-644

Allowed

Improper Neutralization of HTTP Headers for Scripting Syntax

Abstraction: Variant · Status: Incomplete

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

104 vulnerabilities reference this CWE, most recent first.

GHSA-QJVC-XV7P-QQ4H

Vulnerability from github – Published: 2025-02-11 03:30 – Updated: 2025-02-11 03:30
VLAI
Details

Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the atom:link values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacker. Successful exploitation could cause low impact on integrity of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23191"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T01:15:10Z",
    "severity": "LOW"
  },
  "details": "Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacker. Successful exploitation could cause low impact on integrity of the application.",
  "id": "GHSA-qjvc-xv7p-qq4h",
  "modified": "2025-02-11T03:30:55Z",
  "published": "2025-02-11T03:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23191"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3426825"
    },
    {
      "type": "WEB",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QW8V-34WW-6Q9P

Vulnerability from github – Published: 2026-03-05 21:30 – Updated: 2026-03-06 23:00
VLAI
Summary
@perfood/couch-auth has a host header injection vulnerability
Details

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@perfood/couch-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.26.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-70948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644",
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-06T23:00:43Z",
    "nvd_published_at": "2026-03-05T21:16:13Z",
    "severity": "MODERATE"
  },
  "details": "A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.",
  "id": "GHSA-qw8v-34ww-6q9p",
  "modified": "2026-03-06T23:00:43Z",
  "published": "2026-03-05T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70948"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/perfood/couch-auth"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/@perfood/couch-auth"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@perfood/couch-auth has a host header injection vulnerability"
}

GHSA-R558-P82G-6V22

Vulnerability from github – Published: 2025-01-31 18:31 – Updated: 2025-02-21 06:31
VLAI
Details

A Host Header Injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644",
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-31T17:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A Host Header Injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning.",
  "id": "GHSA-r558-p82g-6v22",
  "modified": "2025-02-21T06:31:08Z",
  "published": "2025-01-31T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23001"
    },
    {
      "type": "WEB",
      "url": "https://blog.ctfd.io/ctfd-3-7-6"
    },
    {
      "type": "WEB",
      "url": "https://codetoanbug.com/poc-cve-2025-23001-ctfd-english"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CTFd/CTFd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8XM-W48H-9P2P

Vulnerability from github – Published: 2025-04-30 12:31 – Updated: 2025-04-30 12:31
VLAI
Details

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-30T11:15:49Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.",
  "id": "GHSA-r8xm-w48h-9p2p",
  "modified": "2025-04-30T12:31:23Z",
  "published": "2025-04-30T12:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24339"
    },
    {
      "type": "WEB",
      "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R969-783F-6JQR

Vulnerability from github – Published: 2024-02-17 06:30 – Updated: 2024-02-20 23:48
VLAI
Summary
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Details

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/greenpau/caddy-security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-20T23:48:04Z",
    "nvd_published_at": "2024-02-17T05:15:10Z",
    "severity": "MODERATE"
  },
  "details": "All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.",
  "id": "GHSA-r969-783f-6jqr",
  "modified": "2024-02-20T23:48:04Z",
  "published": "2024-02-17T06:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21499"
    },
    {
      "type": "WEB",
      "url": "https://github.com/greenpau/caddy-security/issues/270"
    },
    {
      "type": "WEB",
      "url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863"
    },
    {
      "type": "PACKAGE",
      "url": "github.com/greenpau/caddy-security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security"
}

GHSA-VJRC-MH2V-45X6

Vulnerability from github – Published: 2025-11-12 21:42 – Updated: 2025-11-17 21:48
VLAI
Summary
OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation
Details

Impact

All deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers (e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications).

Authenticated users can inject underscore variants of X-Forwarded-* headers that bypass the proxy’s filtering logic, potentially escalating privileges in the upstream app. OAuth2 Proxy authentication/authorization itself is not compromised.

Patches

This change mitigates a request header smuggling vulnerability where an attacker could bypass header stripping by using different capitalization or replacing dashes with underscores. The problem has been patched with v7.13.0.

By default all specified headers will now be normalized, meaning that both capitalization and the use of underscores (_) versus dashes (-) will be ignored when matching headers to be stripped. For example, both X-Forwarded-For and X_Forwarded-for will now be treated as equivalent and stripped away.

However, if users have a rationale for keeping a similar-looking header and don't want to strip it, a new configuration field for headers managed through AlphaConfig called InsecureSkipHeaderNormalization has been introduced :

// Header represents an individual header that will be added to a request or
// response header.
type Header struct {
    // Name is the header name to be used for this set of values.
    // Names should be unique within a list of Headers.
    Name string `json:"name,omitempty"`

    // PreserveRequestValue determines whether any values for this header
    // should be preserved for the request to the upstream server.
    // This option only applies to injected request headers.
    // Defaults to false (headers that match this header will be stripped).
    PreserveRequestValue bool `json:"preserveRequestValue,omitempty"`

    // InsecureSkipHeaderNormalization disables normalizing the header name
    // According to RFC 7230 Section 3.2 there aren't any rules about
    // capitalization of header names, but the standard practice is to use
    // Title-Case (e.g. X-Forwarded-For). By default, header names will be
    // normalized to Title-Case and any incoming headers that match will be
    // treated as the same header. Additionally underscores (_) in header names
    // will be converted to dashes (-) when normalizing.
    // Defaults to false (header names will be normalized).
    InsecureSkipHeaderNormalization bool `json:"InsecureSkipHeaderNormalization,omitempty"`

    // Values contains the desired values for this header
    Values []HeaderValue `json:"values,omitempty"`
}

Workarounds

Ensure filtering and processing logic in upstream services don't treat underscores and hyphens in Headers the same way.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/oauth2-proxy/oauth2-proxy/v7"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.13.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-12T21:42:36Z",
    "nvd_published_at": "2025-11-10T22:15:37Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAll deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers (e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications).\n\nAuthenticated users can inject underscore variants of X-Forwarded-* headers that bypass the proxy\u2019s filtering logic, potentially escalating privileges in the upstream app. OAuth2 Proxy authentication/authorization itself is not compromised.\n\n### Patches\n\nThis change mitigates a request header smuggling vulnerability where an attacker could bypass header stripping by using different capitalization or replacing dashes with underscores. The problem has been patched with v7.13.0.\n\nBy default all specified headers will now be normalized, meaning that both capitalization and the use of underscores (_) versus dashes (-) will be ignored when matching headers to be stripped. For example, both `X-Forwarded-For` and `X_Forwarded-for` will now be treated as equivalent and stripped away.\n\nHowever, if users have a rationale for keeping a similar-looking header and don\u0027t want to strip it, a new configuration field for headers managed through AlphaConfig called InsecureSkipHeaderNormalization has been introduced :\n\n```golang\n// Header represents an individual header that will be added to a request or\n// response header.\ntype Header struct {\n\t// Name is the header name to be used for this set of values.\n\t// Names should be unique within a list of Headers.\n\tName string `json:\"name,omitempty\"`\n\n\t// PreserveRequestValue determines whether any values for this header\n\t// should be preserved for the request to the upstream server.\n\t// This option only applies to injected request headers.\n\t// Defaults to false (headers that match this header will be stripped).\n\tPreserveRequestValue bool `json:\"preserveRequestValue,omitempty\"`\n\n\t// InsecureSkipHeaderNormalization disables normalizing the header name\n\t// According to RFC 7230 Section 3.2 there aren\u0027t any rules about\n\t// capitalization of header names, but the standard practice is to use\n\t// Title-Case (e.g. X-Forwarded-For). By default, header names will be\n\t// normalized to Title-Case and any incoming headers that match will be\n\t// treated as the same header. Additionally underscores (_) in header names\n\t// will be converted to dashes (-) when normalizing.\n\t// Defaults to false (header names will be normalized).\n\tInsecureSkipHeaderNormalization bool `json:\"InsecureSkipHeaderNormalization,omitempty\"`\n\n\t// Values contains the desired values for this header\n\tValues []HeaderValue `json:\"values,omitempty\"`\n}\n```\n\n### Workarounds\nEnsure filtering and processing logic in upstream services don\u0027t treat underscores and hyphens in Headers the same way.",
  "id": "GHSA-vjrc-mh2v-45x6",
  "modified": "2025-11-17T21:48:56Z",
  "published": "2025-11-12T21:42:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-vjrc-mh2v-45x6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64484"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oauth2-proxy/oauth2-proxy/commit/f3f30fa976fb4bb97d6345ba4735cb6d86e24f95"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc2616#section-4.2"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc822#section-3.2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/oauth2-proxy/oauth2-proxy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.13.0"
    },
    {
      "type": "WEB",
      "url": "https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html"
    },
    {
      "type": "WEB",
      "url": "https://www.uptimia.com/questions/why-are-http-headers-with-underscores-dropped-by-nginx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation"
}

GHSA-VMQ4-5345-4HV7

Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30
VLAI
Details

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T21:16:23Z",
    "severity": "MODERATE"
  },
  "details": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST\u00a0headers. This could allow an attacker to conduct various attacks against the vulnerable system,\u00a0including cross-site scripting, cache poisoning or session hijacking.",
  "id": "GHSA-vmq4-5345-4hv7",
  "modified": "2026-03-25T21:30:35Z",
  "published": "2026-03-25T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14807"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7267526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXFP-88G2-6M62

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2024-12-03 03:31
VLAI
Details

HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-14T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors.",
  "id": "GHSA-vxfp-88g2-6m62",
  "modified": "2024-12-03T03:31:27Z",
  "published": "2022-05-24T19:08:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20784"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN68971465"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN68971465/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.voidtools.com"
    },
    {
      "type": "WEB",
      "url": "https://www.voidtools.com/downloads"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRQJ-G5W9-QQ86

Vulnerability from github – Published: 2026-02-17 21:31 – Updated: 2026-02-17 21:31
VLAI
Details

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T20:22:02Z",
    "severity": "MODERATE"
  },
  "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.\u00a0 This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
  "id": "GHSA-wrqj-g5w9-qq86",
  "modified": "2026-02-17T21:31:14Z",
  "published": "2026-02-17T21:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27901"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7259901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X46M-M7RF-Q64R

Vulnerability from github – Published: 2023-06-14 15:30 – Updated: 2024-04-04 04:49
VLAI
Details

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32465"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-14T14:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nDell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.\n\n",
  "id": "GHSA-x46m-m7rf-q64r",
  "modified": "2024-04-04T04:49:44Z",
  "published": "2023-06-14T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32465"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.

Mitigation
Architecture and Design

Disable script execution functionality in the clients' browser.

No CAPEC attack patterns related to this CWE.