SYM_PY_0204 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of CRLF Sequences ('CRLF Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
Data taken from an HTTP request (a header, query parameter, path segment or form field) is written to a file, typically a log, without removing or encoding carriage-return (CR, `\r`) and line-feed (LF, `\n`) characters. Line-oriented files treat a CRLF or LF sequence as a record separator, so an attacker who places such a sequence in the input can terminate the current record and append arbitrary records of their own, corrupting the log or whatever other file-based resource is being written.
Impact
An attacker can forge log entries (for example, a fake successful login for another account), split or truncate genuine entries so that their own activity is hidden from reviewers and from log-parsing tools, or write large or repeated payloads that trigger premature log rotation or exhaust disk space, resulting in denial of service. Any process that treats the file as a trustworthy record, including audit review and automated alerting, can be misled, and the integrity of file-based records is no longer assured.
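The following is an added illustration, not code from the Symbiotic database or from any project it catalogues. It shows a log writer that interpolates a request-supplied username directly into a line (the pattern this entry describes), a constructed username carrying a CRLF sequence that splits one write into two records, and two remediations: escaping CR/LF so one event stays one line, and rejecting the value outright. The function and file names are assumptions chosen for the example; the log format is likewise made up.

```python
import os
import re
import tempfile

# Constructed attacker-controlled value: a "username" that embeds CRLF so a
# second, forged record appears after the genuine one. The forged text mimics
# a timestamped login line for another account.
FORGED_USERNAME = (
    "alice\r\n"
    "2024-01-01 00:00:00 INFO login user=admin ip=127.0.0.1"
)

_CRLF = re.compile(r"[\r\n]")


def write_log_unsafe(path, user, ip):
    """Vulnerable pattern (CWE-93): request data goes into the line verbatim.

    newline="" keeps bytes exact on every platform so the demo is deterministic.
    """
    with open(path, "a", encoding="utf-8", newline="") as fh:
        fh.write(f"INFO login user={user} ip={ip}\n")


def neutralize(value):
    """Replace CR and LF with visible two-character escapes (\\r and \\n).

    The information is preserved for investigators, but the value can no longer
    terminate the current record or start a new one.
    """
    return _CRLF.sub(lambda m: "\\r" if m.group() == "\r" else "\\n", str(value))


def contains_crlf(value):
    """True if the value carries any CR or LF character."""
    return _CRLF.search(str(value)) is not None


def reject_if_crlf(value):
    """Stricter alternative: refuse the value instead of transforming it."""
    if contains_crlf(value):
        raise ValueError("CR/LF not permitted in this field")
    return value


def write_log_safe(path, user, ip):
    """Hardened writer: every request-derived field is neutralized first."""
    with open(path, "a", encoding="utf-8", newline="") as fh:
        fh.write(f"INFO login user={neutralize(user)} ip={neutralize(ip)}\n")


def read_records(path):
    """Return the log as a list of records, splitting on CR, LF or CRLF
    exactly as a line-oriented consumer would."""
    with open(path, encoding="utf-8", newline="") as fh:
        return [line for line in fh.read().splitlines() if line.strip()]


def demo(writer):
    """Write one event with the forged username through `writer` into a
    temporary file and return the records a log reader would see."""
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    try:
        writer(path, FORGED_USERNAME, "203.0.113.5")
        return read_records(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # One request, two records: the second is entirely attacker-authored.
    for rec in demo(write_log_unsafe):
        print("unsafe:", rec)
    # One request, one record, with the CRLF shown as literal \r\n.
    for rec in demo(write_log_safe):
        print("safe:  ", rec)
```

Which remediation to use depends on the field: escaping is appropriate for free-form text that must still be recorded, rejection for identifiers that should never contain control characters. Note that Python's `logging` module does not escape newlines in message arguments either, so the same neutralization step is needed before handing request data to a logger when the output is a line-oriented file.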