Every CVE whose affected-product data names Crowcpp Crow, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-34970 — CVSS 9.8 (critical): Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this…
CVE-2022-38667 — CVSS 9.8 (critical): HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The…
CVE-2022-38668 — CVSS 7.5 (high): HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when…
CVE-2021-23514 — CVSS 6.5 (medium): This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server.
CVE-2021-23824 — CVSS 6.5 (medium): This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to…
CVE-2023-26142 — CVSS 6.5 (medium): All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header…