{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T17:41:19.453","vulnerabilities":[{"cve":{"id":"CVE-2023-41834","sourceIdentifier":"security@apache.org","published":"2023-09-19T13:16:22.333","lastModified":"2024-11-21T08:21:46.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. \n\nUsers should upgrade to Apache Flink Stateful Functions version 3.3.0."},{"lang":"es","value":"La Neutralización Inadecuada de Secuencias CRLF en encabezados HTTP en Apache Flink Stateful Functions 3.1.0, 3.1.1 y 3.2.0 permite a atacantes remotos inyectar encabezados HTTP arbitrarios y realizar ataques de división de respuestas HTTP a través de solicitudes HTTP manipuladas. Los atacantes podrían potencialmente inyectar contenido malicioso en la respuesta HTTP que se envía al navegador del usuario. \nLos usuarios deben actualizar a Apache Flink Stateful Functions versión 3.3.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-113"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:flink_stateful_functions:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndIncluding":"3.2.0","matchCriteriaId":"E7397C1F-270A-4542-BA1A-C2BA98C20BA8"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/09/19/3","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/09/19/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}