CVE-2025-61689
Published: Oct 10, 2025
Modified: Oct 10, 2025
PUBLISHED
Description
HTTP.jl provides HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names or values for illegal characters, allowing CRLF-based header injection and HTTP response splitting, which can lead to cache poisoning, XSS, session fixation, and more. This issue is fixed in HTTP.jl `v1.10.19`.
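The following added example (not HTTP.jl source code and not the project's actual fix) shows the kind of check the description refers to: header names and values are validated before serialization. All function names are hypothetical, and the character rules are an assumption based on the RFC 9110 field syntax, since this page does not state which rules the fix applies.

```julia
# Added example; every name here is hypothetical, not part of HTTP.jl.

# RFC 9110 "token" punctuation allowed in a field name (assumed rule set).
const TCHAR_PUNCT = "!#\$%&'*+-.^_`|~"
is_tchar(c::Char) = isascii(c) && (isletter(c) || isdigit(c) || c in TCHAR_PUNCT)

# A field name must be a non-empty token: no spaces, colons, CR or LF.
valid_header_name(name::AbstractString) = !isempty(name) && all(is_tchar, name)

# A field value must not contain CR, LF, NUL or other control characters;
# horizontal tab is the only control character permitted.
valid_header_value(value::AbstractString) = all(c -> c == '\t' || !iscntrl(c), value)

# Serialize header pairs into wire format. With validate=false this mimics
# a serializer that writes names and values without checking them.
function serialize_headers(headers; validate::Bool = true)
    io = IOBuffer()
    for (name, value) in headers
        if validate && !(valid_header_name(name) && valid_header_value(value))
            throw(ArgumentError("illegal character in header $(repr(name))"))
        end
        write(io, name, ": ", value, "\r\n")
    end
    write(io, "\r\n")
    return String(take!(io))
end

# Constructed sample: a redirect target copied from untrusted input that
# carries an embedded CR LF followed by a second header.
untrusted = "/home\r\nSet-Cookie: session=constructed-value"
headers = ["Content-Type" => "text/plain", "Location" => untrusted]

# Without validation, the embedded CR LF becomes an extra header line on the wire.
raw = serialize_headers(headers; validate = false)
println("header lines without validation: ", count(!isempty, split(raw, "\r\n")))

# With validation, the message is rejected before any bytes are written.
try
    serialize_headers(headers)
catch err
    println("rejected: ", err.msg)
end
```

Applications that cannot upgrade immediately can apply a check like this to any header value derived from request data before passing it to the library.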
| Vendor | Product | Versions |
|---|---|---|
| JuliaWeb | HTTP.jl | affected < 1.10.19 |
Weaknesses (CWE)
References
https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-h3x8-ppwj-6vcj
x_refsource_CONFIRM
https://github.com/JuliaWeb/HTTP.jl/releases/tag/v1.10.19
x_refsource_MISC