CRLF injection occurs when an attacker can abuse the carriage return character (\r) and the newline character (\n) in an HTTP request to inject new headers or a new body into the HTTP request. The attack is very dangerous because it can give the attacker the ability to create whatever request they want.
The only way to prevent CRLF attacks is to carefully sanitize every message that is sent by the client.
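The check described above, as an added example that is not part of the original page: a client-supplied value is validated before it is written into a header line, next to the unvalidated version for comparison. The function names and the sample parameter are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import unquote

# Control characters other than horizontal tab are not valid in a header value;
# CR (0x0d) and LF (0x0a) are the ones that terminate a header line.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def check_header_value(value: str) -> str:
    """Return value unchanged, or raise ValueError if it could break the header line."""
    if _CONTROL.search(value):
        raise ValueError("control character in header value")
    return value


def naive_head(location: str) -> bytes:
    """Unsafe: client-controlled text is copied straight into the message head."""
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n".encode("latin-1")


def hardened_head(location: str) -> bytes:
    """Same message, but the value is validated before it is written."""
    return naive_head(check_header_value(location))


def header_names(head: bytes) -> list[str]:
    """Parse the header block the way a receiver would and list the field names."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    return [line.split(b":", 1)[0].decode("latin-1") for line in lines]


# Constructed sample: a parameter as it arrives, then as the framework decodes it.
RAW_PARAM = "/home%0d%0aX-Injected:%20yes"
DECODED = unquote(RAW_PARAM)

if __name__ == "__main__":
    # Without the check the receiver sees two header fields instead of one.
    print(header_names(naive_head(DECODED)))
    try:
        hardened_head(DECODED)
    except ValueError as exc:
        print("rejected:", exc)
```

The check runs on the decoded value, because that is the form the application writes into the message.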
Ignoring this check
- Escape Severity: MEDIUM
- OWASP: A08:2019
- PCI DSS: 6.5.1
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
- CVSS_SCORE: 5.1