Vulnerability Change Records for CVE-2024-45302
Change History
New CVE Received by NIST 8/29/2024 6:15:05 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | GitHub, Inc. AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
| Added | CWE | | GitHub, Inc. CWE-93 |
| Added | Description | | RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using RestSharp, not in RestSharp itself, but I would argue that at the very least there needs to be a warning about this behaviour in the RestSharp documentation. RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Added | Reference | | GitHub, Inc. https://github.com/restsharp/RestSharp/blob/777bf194ec2d14271e7807cc704e73ec18fcaf7e/src/RestSharp/Request/HttpRequestMessageExtensions.cs#L32 [No types assigned] |
| Added | Reference | | GitHub, Inc. https://github.com/restsharp/RestSharp/commit/0fba5e727d241b1867bd71efc912594075c2934b [No types assigned] |
| Added | Reference | | GitHub, Inc. https://github.com/restsharp/RestSharp/security/advisories/GHSA-4rr6-2v9v-wcpc [No types assigned] |