CWE • Base • Draft • 20 recent CVEs
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
Description
The product uses CRLF (carriage return, line feed) sequences as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Common consequences
- Integrity → Modify Application Data
Potential mitigations
- Implementation: Avoid using CRLF as a special sequence.
- Implementation: Appropriately filter or quote CRLF sequences in user-controlled input.
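The quoting mitigation above, shown as an added example that is not part of the original entry: a writer that copies input verbatim next to one that quotes CR and LF first. The `NOTE`/`ADMIN` record format, the function names and the sample input are all assumptions constructed for illustration.

```python
# Added example: the NOTE/ADMIN record format below is constructed for illustration.
CRLF = "\r\n"  # record separator, the "special element" in CWE-93 terms

def write_note_unsafe(text):
    """Weak form: input is copied verbatim, so an embedded CRLF ends the record early."""
    return "NOTE " + text + CRLF

def quote(text):
    """Quote backslash first, then CR and LF, so output never contains a separator.
    Bare CR and bare LF are quoted too, since lenient parsers split on either."""
    return text.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")

def unquote(text):
    """Inverse of quote(): decode \\r, \\n and \\\\ in a single left-to-right pass."""
    decoded, out, i = {"r": "\r", "n": "\n", "\\": "\\"}, [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in decoded:
            out.append(decoded[text[i + 1]])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def write_note_safe(text):
    """Hardened form: the value is quoted before it meets the separator."""
    return "NOTE " + quote(text) + CRLF

def parse(blob):
    """Split the store on CRLF and return (record_type, value) pairs."""
    records = []
    for line in blob.split(CRLF):
        if line:
            kind, _, value = line.partition(" ")
            records.append((kind, unquote(value)))
    return records

# Constructed input: a note whose text carries a CRLF followed by a second record.
SAMPLE = "hello\r\nADMIN role=root"

if __name__ == "__main__":
    print(parse(write_note_unsafe(SAMPLE)))  # two records: the ADMIN line was injected
    print(parse(write_note_safe(SAMPLE)))    # one NOTE record holding the full text
```

Quoting the backslash before CR and LF is what keeps `unquote()` an exact inverse, so a value that already contains a literal `\r` is stored and read back unchanged.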
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-49756 • 2026-06-08
- CVE-2026-9270 • 9.1 • 2026-06-05
- CVE-2026-11362 • 9.8 • 2026-06-05
- CVE-2026-50292 • 7.4 • 2026-06-04
- CVE-2026-46741 • 7.5 • 2026-06-04
- CVE-2026-46739 • 5.3 • 2026-06-04
- CVE-2026-8722 • 6.5 • 2026-06-04
- CVE-2026-48861 • 2026-06-02
- CVE-2026-45372 • 9.9 • 2026-05-29
- CVE-2026-49130 • 5.3 • 2026-05-28
- CVE-2026-46740 • 5.3 • 2026-05-26
- CVE-2026-44214 • 5.8 • 2026-05-26
- CVE-2026-47075 • 7.5 • 2026-05-25
- CVE-2026-47072 • 7.5 • 2026-05-25
- CVE-2026-47069 • 5.3 • 2026-05-25
- CVE-2026-8788 • 7.3 • 2026-05-18
- CVE-2026-46720 • 8.2 • 2026-05-17
- CVE-2026-46719 • 6.5 • 2026-05-16
- CVE-2026-32993 • 8.3 • 2026-05-13
- CVE-2026-42586 • 6.8 • 2026-05-13