Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)
RestSharp, a simple REST and HTTP API client for .NET, has a vulnerability in its header handling functions. Specifically, the second argument (the header value) to `RestRequest.AddHeader`, `RestRequest.AddOrUpdateHeader`, and `RestClient.AddDefaultHeader` is vulnerable to CRLF injection. This is because these methods use the `HttpHeaders.TryAddWithoutValidation` method, which does not check the header value for CR and LF characters. This vulnerability affects all versions of RestSharp from 107.0.0 up to, but not including, 112.0.0.
The primary impact of this vulnerability is the potential for CRLF injection into HTTP headers when using HTTP/1.1. This can lead to the injection of additional HTTP headers or the smuggling of whole HTTP requests. If an application using the RestSharp library passes user-controllable values to headers, it becomes vulnerable to CRLF injection. In web applications, this can escalate to request splitting, potentially enabling Server-Side Request Forgery (SSRF) attacks. The CVSS v3.1 base score for this vulnerability is 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability.
One proof-of-concept exploit is available on github.com. There is no evidence of exploitation in the wild at the moment.
RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade to this version or later to mitigate the vulnerability.
The primary mitigation is to upgrade RestSharp to version 112.0.0 or later. There are no known workarounds for this vulnerability. In addition, developers using RestSharp should be cautious about passing user-controllable values to HTTP headers and should implement proper input validation and sanitization, especially in web applications. It is also recommended to review and update the RestSharp documentation to include warnings about this behavior to prevent potential misuse.
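The input validation recommended above, as an added example that is not part of this advisory or of RestSharp itself: a small guard that rejects any header value containing CR, LF, or other control characters before it reaches `RestRequest.AddHeader`, which is the call that ends up in `HttpHeaders.TryAddWithoutValidation` on affected versions. The class and method names (`SafeHeaders`, `IsSafeHeaderValue`, `AddHeaderChecked`) are hypothetical, and the example assumes the RestSharp package is referenced; the sample header values are constructed for illustration.

```csharp
using System;
using System.Linq;
using RestSharp;

// Added example (hypothetical helper, not RestSharp's own API): validate header
// values before handing them to RestSharp, so that a CRLF sequence in untrusted
// input cannot become an extra header line on the wire.
static class SafeHeaders
{
    // A header field value may contain visible characters, spaces and HTAB,
    // but never CR (0x0D), LF (0x0A), DEL (0x7F) or other control characters.
    public static bool IsSafeHeaderValue(string value)
    {
        if (value is null) return false;
        return value.All(c => c == '\t' || (c >= 0x20 && c != 0x7F));
    }

    // Wrapper around RestRequest.AddHeader that refuses unsafe values instead of
    // passing them through unchecked.
    public static RestRequest AddHeaderChecked(RestRequest request, string name, string value)
    {
        if (!IsSafeHeaderValue(value))
            throw new ArgumentException(
                $"Header '{name}' contains a CR, LF or control character.", nameof(value));
        return request.AddHeader(name, value);
    }
}

class Program
{
    static void Main()
    {
        var request = new RestRequest("/resource");

        // Constructed benign value: accepted and added to the request.
        SafeHeaders.AddHeaderChecked(request, "X-Tenant", "acme");

        // Constructed value carrying a CRLF sequence, as it might arrive from an
        // untrusted source: rejected before RestSharp ever sees it.
        try
        {
            SafeHeaders.AddHeaderChecked(request, "X-Tenant", "acme\r\nX-Injected: 1");
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```

This guard is defence in depth rather than a substitute for upgrading: on 112.0.0 and later RestSharp validates header values itself, while the wrapper also documents at the call site which values were derived from user input and must be checked.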
Feedly found the first article mentioning CVE-2024-45302.
NVD published the first details for CVE-2024-45302
Feedly estimated the CVSS score as HIGH
A CVSS base score of 6.1 has been assigned.
EPSS Score was set to: 0.05% (Percentile: 16.3%)
A CVSS base score of 7.8 has been assigned.