Tag

Http-Response-Splitting

1 brief RSS

i18next-http-middleware HTTP Response Splitting and DoS Vulnerability

i18next-http-middleware versions before 3.9.3 are vulnerable to HTTP response splitting and denial-of-service attacks due to unsanitized Content-Language headers, potentially leading to session fixation, cache poisoning, reflected XSS, or complete service disruption depending on the Node.js version.

i18next-http-middleware crlf-injection http-response-splitting denial-of-service i18next

2r 1t Jan 3, 2024