CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-45302

Medium Severity
Restsharp
SVRS
30/100
CVSSv3
7.8/10
EPSS
0.00183/1

CVE-2024-45302 is a CRLF injection vulnerability in RestSharp, a .NET REST and HTTP API client. This flaw allows attackers to inject arbitrary HTTP headers or smuggle HTTP requests by manipulating the header value in methods like RestRequest.AddHeader.

The vulnerability arises because HttpHeaders.TryAddWithoutValidation doesn't validate for CRLF characters. Although the CVSS score is 7.8, the SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates lower real-world exploitability compared to purely quantitative metrics. While the risk is lower, applications passing user-controlled values to headers are still vulnerable. Exploitation could lead to Server Side Request Forgery (SSRF). RestSharp version 112.0.0 addresses this issue; users should upgrade.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:N
UI:R
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-08-29
LAST MODIFIED2024-10-01
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-45302 affects RestSharp, a popular .NET library for REST and HTTP API communication. The vulnerability stems from a flaw in how RestSharp handles HTTP header values. The RestRequest.AddHeader, RestRequest.AddOrUpdateHeader, and RestClient.AddDefaultHeader methods allow an attacker to inject CRLF (carriage return, line feed) characters into header values. This can lead to CRLF injection, potentially enabling request splitting and Server Side Request Forgery (SSRF) attacks. The vulnerability is classified as a potential vulnerability in applications using RestSharp and not in RestSharp itself. While RestSharp has addressed this issue in version 112.0.0, applications using older versions remain vulnerable.

SVRS Score: 30, which while not categorized as critical, still signifies a moderate risk requiring attention.

Key Insights

  1. CRLF Injection: The vulnerability enables attackers to inject CRLF characters into HTTP headers. These characters can manipulate how the server interprets the header values, leading to malicious actions.
  2. Request Splitting: CRLF injection can be used for request splitting attacks, where attackers can insert additional HTTP requests into the original request, potentially bypassing security measures and executing unauthorized actions.
  3. Server-Side Request Forgery (SSRF): This vulnerability can be exploited for SSRF attacks, where attackers can send requests to internal systems or services on behalf of the vulnerable application. This could allow attackers to access sensitive data or perform unauthorized actions within the target network.

Mitigation Strategies

  1. Upgrade RestSharp: Immediately upgrade to RestSharp version 112.0.0 or later to patch the vulnerability.
  2. Input Validation: Implement strict input validation for all user-provided data, especially when it's used to construct HTTP headers. Ensure that CRLF characters are explicitly removed or escaped before processing.
  3. Web Application Firewall (WAF): Consider using a WAF to detect and block malicious requests that exploit CRLF injection or request splitting techniques.
  4. Security Awareness Training: Educate development teams about the potential risks of CRLF injection and the importance of secure coding practices, including proper input validation and data sanitization.

Additional Information

If you have any further questions or require additional information on this incident, please use the "Ask to Analyst" feature, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CRLF Injection Vulnerabilities Identified in Popular .NET Libraries RestSharp and Refit
Divya2025-01-31
CRLF Injection Vulnerabilities Identified in Popular .NET Libraries RestSharp and Refit | Security researchers have uncovered critical CRLF (Carriage Return Line Feed) injection vulnerabilities in two widely used .NET libraries, RestSharp and Refit. These flaws, which allow attackers to manipulate HTTP headers and potentially execute HTTP request splitting, have been assigned CVE-2024-45302 for RestSharp and CVE-2024-51501 for Refit. Background on CRLF Injection CRLF injection vulnerabilities arise when user-controllable input is […] The post CRLF Injection Vulnerabilities Identified in Popular .NET
gbhackers.com
rss
forum
news

Social Media

CVE-2024-45302 RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same a… https://t.co/6ve9QQb5Je
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppRestsharprestsharp

References

ReferenceLink
[email protected]https://github.com/restsharp/RestSharp/blob/777bf194ec2d14271e7807cc704e73ec18fcaf7e/src/RestSharp/Request/HttpRequestMessageExtensions.cs#L32
[email protected]https://github.com/restsharp/RestSharp/commit/0fba5e727d241b1867bd71efc912594075c2934b
[email protected]https://github.com/restsharp/RestSharp/security/advisories/GHSA-4rr6-2v9v-wcpc
GITHUBhttps://github.com/restsharp/RestSharp/security/advisories/GHSA-4rr6-2v9v-wcpc

CWE Details

CWE IDCWE NameDescription
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence