ByteOS Network

CVE Vulnerability Details :

CVE-2024-5193

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-22 May, 2024 | 10:31

Updated At-05 Jan, 2026 | 19:02

▼CVE Numbering Authority (CNA)

Ritlabs TinyWeb Server Request crlf injection

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products

Vendor

Ritlabs

Product

TinyWeb Server

Modules

Request Handler

Versions

Affected

1.94

Unaffected

1.99

Problem Types

Type	CWE ID	Description
CWE	CWE-93	CRLF Injection
CWE	CWE-74	Injection

Type: CWE

CWE ID: CWE-93

Description: CRLF Injection

Type: CWE

CWE ID: CWE-74

Description: Injection

Metrics

Version	Base score	Base severity	Vector
4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2.0	5.0	N/A	AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Version: 3.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Version: 2.0

Base score: 5.0

Base severity: N/A

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C

Credits

reporter

Senatorhotchkiss (VulDB User)

analyst

maximmasiutin (VulDB User)

Timeline

Event	Date
Advisory disclosed	2024-05-22 00:00:00
VulDB entry created	2024-05-22 02:00:00
Countermeasure disclosed	2026-01-05 00:00:00
VulDB entry last update	2026-01-05 20:07:13

Event: Advisory disclosed

Date: 2024-05-22 00:00:00

Event: VulDB entry created

Date: 2024-05-22 02:00:00

Event: Countermeasure disclosed

Date: 2026-01-05 00:00:00

Event: VulDB entry last update

Date: 2026-01-05 20:07:13

References

Hyperlink	Resource
https://vuldb.com/?id.265830	vdb-entry technical-description mitigation patch
https://vuldb.com/?ctiid.265830	signature permissions-required
https://vuldb.com/?submit.333059	third-party-advisory
https://github.com/DMCERTCE/CRLF_Tiny	exploit
https://github.com/maximmasiutin/TinyWeb/commit/d49c3da6a97e950975b18626878f3ee1f082358e	patch
https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99	patch
https://www.masiutin.net/tinyweb-cve-2024-5193.html	mitigation

Hyperlink: https://vuldb.com/?id.265830

Resource:

vdb-entry

technical-description

mitigation

patch

Hyperlink: https://vuldb.com/?ctiid.265830

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.333059

Resource:

third-party-advisory

Hyperlink: https://github.com/DMCERTCE/CRLF_Tiny

Resource:

exploit

Hyperlink: https://github.com/maximmasiutin/TinyWeb/commit/d49c3da6a97e950975b18626878f3ee1f082358e

Resource:

patch

Hyperlink: https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99

Resource:

patch

Hyperlink: https://www.masiutin.net/tinyweb-cve-2024-5193.html

Resource:

mitigation

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

ritlabs

Product

tinyweb

CPEs

cpe:2.3:a:ritlabs:tinyweb:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

1.94

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://vuldb.com/?id.265830	vdb-entry technical-description x_transferred
https://vuldb.com/?ctiid.265830	signature permissions-required x_transferred
https://vuldb.com/?submit.333059	third-party-advisory x_transferred
https://github.com/DMCERTCE/CRLF_Tiny	exploit x_transferred

Hyperlink: https://vuldb.com/?id.265830

Resource:

vdb-entry

technical-description

x_transferred

Hyperlink: https://vuldb.com/?ctiid.265830

Resource:

signature

permissions-required

x_transferred

Hyperlink: https://vuldb.com/?submit.333059

Resource:

third-party-advisory

x_transferred

Hyperlink: https://github.com/DMCERTCE/CRLF_Tiny

Resource:

exploit

x_transferred

Affected Products

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References