{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T16:44:50.929","vulnerabilities":[{"cve":{"id":"CVE-2025-66570","sourceIdentifier":"security-advisories@github.com","published":"2025-12-05T19:15:51.923","lastModified":"2025-12-10T15:02:46.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0."},{"lang":"es","value":"cpp-httplib es una biblioteca HTTP/HTTPS multiplataforma de un solo archivo de cabecera única para C++11. Versiones anteriores a 0.27.0, una vulnerabilidad permite que los encabezados HTTP controlados por el atacante influyan en los metadatos visibles para el servidor, el registro y las decisiones de autorización. Un atacante puede inyectar encabezados llamados REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT que se analizan en el multimapa de encabezados de solicitud a través de read_headers() en httplib.h (headers.emplace), luego el servidor posteriormente añade sus propios metadatos internos usando los mismos nombres de encabezado en Server::process_request sin borrar duplicados. Debido a que Request::get_header_value devuelve la primera entrada para una clave de encabezado (id == 0) y los encabezados proporcionados por el cliente se analizan antes que los encabezados insertados por el servidor, el código descendente que utiliza estos nombres de encabezado puede usar inadvertidamente valores controlados por el atacante. Archivos/ubicaciones afectados: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) y cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Superficie de ataque: los encabezados HTTP controlados por el atacante en las solicitudes entrantes fluyen hacia el multimapa Request.headers y hacia el código de registro que lee los encabezados reenviados, lo que permite la suplantación de IP, el envenenamiento de registros y la omisión de autorización a través del sombreado de encabezados. Esta vulnerabilidad se corrige en 0.27.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-807"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*","versionEndExcluding":"0.27.0","matchCriteriaId":"833767D4-2EB6-44EB-AF07-8942AF6F6075"}]}]}],"references":[{"url":"https://github.com/yhirose/cpp-httplib/commit/ac9ebb0ee333ce8bf13523f487bdfad9518a2aff","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xm2j-vfr9-mg9m","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}