HTTP::Tiny
CPE: cpe:2.3:a:http::tiny_project:http::tiny:*:*:*:*:*:*:*
Affected versions: < 0.093
A vulnerability in HTTP::Tiny versions prior to 0.093 for Perl allows for header injection and request smuggling attacks. The issue arises because the library does not properly validate carriage return and line feed (CRLF) characters in HTTP request lines and control field header values. This lack of validation can be exploited by injecting additional headers or manipulating request lines, potentially leading to unauthorized actions on the upstream server.
Exploitation of this vulnerability could result in header injection and request smuggling, allowing an attacker to manipulate HTTP requests and headers sent to an upstream server.
Users can upgrade to HTTP::Tiny version 0.093 or later, where this vulnerability has been addressed.
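For callers that pass untrusted data into a request and cannot upgrade immediately, one way to flag an affected install and reject CR/LF before the request is built. This is an added example, not code from HTTP::Tiny or this advisory; `http_tiny_is_vulnerable`, `visible`, `crlf_problems` and `checked_request` are hypothetical helper names, and the sample input is constructed.

```perl
use strict;
use warnings;
use HTTP::Tiny;
use version;

# First fixed release, as stated in the advisory.
my $FIXED = version->parse('0.093');

# True when the loaded HTTP::Tiny predates the fix.
sub http_tiny_is_vulnerable {
    return version->parse(HTTP::Tiny->VERSION) < $FIXED;
}

# Render CR/LF visibly so a report cannot itself split a log line.
sub visible {
    my ($s) = @_;
    $s =~ s/\r/\\r/g;
    $s =~ s/\n/\\n/g;
    return $s;
}

# List every request part (method, URL, header names and values) containing CR or LF.
sub crlf_problems {
    my ($method, $url, $headers) = @_;
    my @bad;
    push @bad, 'method: ' . visible($method) if $method =~ /[\r\n]/;
    push @bad, 'url: ' . visible($url)       if $url    =~ /[\r\n]/;
    for my $name (sort keys %{ $headers || {} }) {
        my $v = $headers->{$name};
        # HTTP::Tiny accepts a header value as a string or an array reference.
        for my $part ($name, ref($v) eq 'ARRAY' ? @$v : $v) {
            push @bad, 'header ' . visible($name) . ': ' . visible($part)
                if defined $part && $part =~ /[\r\n]/;
        }
    }
    return @bad;
}

# Refuse to send when any part carries CR/LF; otherwise delegate to HTTP::Tiny.
sub checked_request {
    my ($http, $method, $url, $opts) = @_;
    $opts ||= {};
    my @bad = crlf_problems($method, $url, $opts->{headers});
    die "refusing request, CR/LF in: @bad\n" if @bad;
    return $http->request($method, $url, $opts);
}

# Constructed sample input: a header value carrying an embedded CRLF. No network access.
unless (caller) {
    warn 'HTTP::Tiny ', HTTP::Tiny->VERSION, " predates 0.093, upgrade\n"
        if http_tiny_is_vulnerable();
    my %headers = ('X-Request-Id' => "abc\r\nX-Extra: 1", Accept => 'text/plain');
    print "$_\n" for crlf_problems('GET', 'http://example.test/', \%headers);
}
```

The check is a stopgap at the call site; upgrading to 0.093 or later remains the fix the advisory gives.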