Vulnerability CVE-2018-18837

Vulnerability CVE-2018-18837

Published: 2019-06-18

Description:

Type:

(Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Affected software
My-netdata -> Netdata

https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L367-L370

https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca

https://github.com/netdata/netdata/pull/4521

https://www.red4sec.com/cve/netdata_header_injection.txt