{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-5193", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-05-22T05:12:12.895Z", "datePublished": "2024-05-22T10:31:04.297Z", "dateUpdated": "2026-01-05T19:02:50.252Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-01-05T19:02:50.252Z"}, "title": "Ritlabs TinyWeb Server Request crlf injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-93", "lang": "en", "description": "CRLF Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "Ritlabs", "product": "TinyWeb Server", "versions": [{"version": "1.94", "status": "affected"}, {"version": "1.99", "status": "unaffected"}], "modules": ["Request Handler"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2024-05-22T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-05-22T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-05T00:00:00.000Z", "lang": "en", "value": "Countermeasure disclosed"}, {"time": "2026-01-05T20:07:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Senatorhotchkiss (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "maximmasiutin (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.265830", "name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection", "tags": ["vdb-entry", "technical-description", "mitigation", "patch"]}, {"url": "https://vuldb.com/?ctiid.265830", "name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.333059", "name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DMCERTCE/CRLF_Tiny", "tags": ["exploit"]}, {"url": "https://github.com/maximmasiutin/TinyWeb/commit/d49c3da6a97e950975b18626878f3ee1f082358e", "tags": ["patch"]}, {"url": "https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99", "tags": ["patch"]}, {"url": "https://www.masiutin.net/tinyweb-cve-2024-5193.html", "tags": ["mitigation"]}], "tags": ["x_open-source"]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5193", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T15:07:07.893860Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ritlabs:tinyweb:*:*:*:*:*:*:*:*"], "vendor": "ritlabs", "product": "tinyweb", "versions": [{"status": "affected", "version": "1.94"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:01:44.689Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:11.062Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.265830", "name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.265830", "name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.333059", "name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/DMCERTCE/CRLF_Tiny", "tags": ["exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.265830", "name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.265830", "name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.333059", "name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/DMCERTCE/CRLF_Tiny", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:11.062Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5193", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T15:07:07.893860Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ritlabs:tinyweb:*:*:*:*:*:*:*:*"], "vendor": "ritlabs", "product": "tinyweb", "versions": [{"status": "affected", "version": "1.94"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-22T15:02:40.570Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"tags": ["x_open-source"], "title": "Ritlabs TinyWeb Server Request crlf injection", "credits": [{"lang": "en", "type": "reporter", "value": "Senatorhotchkiss (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "maximmasiutin (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "Ritlabs", "modules": ["Request Handler"], "product": "TinyWeb Server", "versions": [{"status": "affected", "version": "1.94"}, {"status": "unaffected", "version": "1.99"}]}], "timeline": [{"lang": "en", "time": "2024-05-22T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-05-22T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-05T00:00:00.000Z", "value": "Countermeasure disclosed"}, {"lang": "en", "time": "2026-01-05T20:07:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.265830", "name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection", "tags": ["vdb-entry", "technical-description", "mitigation", "patch"]}, {"url": "https://vuldb.com/?ctiid.265830", "name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.333059", "name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DMCERTCE/CRLF_Tiny", "tags": ["exploit"]}, {"url": "https://github.com/maximmasiutin/TinyWeb/commit/d49c3da6a97e950975b18626878f3ee1f082358e", "tags": ["patch"]}, {"url": "https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99", "tags": ["patch"]}, {"url": "https://www.masiutin.net/tinyweb-cve-2024-5193.html", "tags": ["mitigation"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-93", "description": "CRLF Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-01-05T19:02:50.252Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5193", "state": "PUBLISHED", "dateUpdated": "2026-01-05T19:02:50.252Z", "dateReserved": "2024-05-22T05:12:12.895Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-05-22T10:31:04.297Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ritlabs:tinyweb:1.94:*:*:*:*:*:*:*", "matchCriteriaId": "45D37E23-FA98-4094-B4FB-495C102613DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Ritlabs TinyWeb Server 1.94. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n con la entrada %0D%0A conduce a la inyecci\u00f3n crlf. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-265830 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-5193", "lastModified": "2026-01-05T19:15:55.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-05-22T11:15:53.487", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/DMCERTCE/CRLF_Tiny"}, {"source": "cna@vuldb.com", "url": "https://github.com/maximmasiutin/TinyWeb/commit/d49c3da6a97e950975b18626878f3ee1f082358e"}, {"source": "cna@vuldb.com", "url": "https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.265830"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.265830"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.333059"}, {"source": "cna@vuldb.com", "url": "https://www.masiutin.net/tinyweb-cve-2024-5193.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/DMCERTCE/CRLF_Tiny"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.265830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.265830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.333059"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-93"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}