CVE-2025-52479: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in JuliaWeb HTTP.jl
HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allow the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. Users of HTTP.jl should upgrade immediately to HTTP.jl v1.10.17, and users of URIs.jl should upgrade immediately to URIs.jl v1.6.0. The check for valid URIs is now in the URIs.jl package, and the latest version of HTTP.jl incorporates that fix. As a workaround, manually validate any URIs before passing them on to functions in this package.
AI Analysis
Technical Summary
CVE-2025-52479 is a high-severity vulnerability affecting the JuliaWeb HTTP.jl package in versions prior to 1.10.17 and the URIs.jl package in versions prior to 1.6.0. The vulnerability arises from improper neutralization of CRLF (Carriage Return, Line Feed) sequences in Uniform Resource Identifiers (URIs) constructed or parsed by these libraries. HTTP.jl provides HTTP client and server functionality for the Julia programming language, while URIs.jl is responsible for parsing and handling URIs. The flaw allows an attacker to get raw CR and LF characters into a URI whenever user input is not escaped or validated before being processed.

This enables CRLF injection attacks, which in an HTTP context can amount to HTTP response splitting: once a line break lands inside a request line or header, everything after it is parsed as further headers or as a new message. Such attacks can manipulate HTTP headers, letting an attacker craft responses that lead to web cache poisoning, cross-site scripting (XSS), session fixation, or other injection-based attacks. The vulnerability requires neither authentication nor user interaction and can be exploited remotely over the network, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact on confidentiality is none and availability is unaffected, but the integrity impact is high because HTTP messages can be manipulated. The vulnerability has not yet been observed being exploited in the wild.

The fix is to upgrade HTTP.jl to version 1.10.17 or later and URIs.jl to version 1.6.0 or later; the validity check for URIs now lives in URIs.jl, and the fixed HTTP.jl incorporates it. As a temporary workaround, users should manually validate and sanitize any URIs before passing them to these libraries so that CR and LF characters cannot be injected. The vulnerability is tracked under CWE-93 (Improper Neutralization of CRLF Sequences) and CWE-113 (HTTP Response Splitting).
Potential Impact
For European organizations using JuliaWeb's HTTP.jl and URIs.jl libraries, particularly in web-facing applications or services, this vulnerability poses a significant risk. Exploitation could allow attackers to manipulate HTTP responses, potentially leading to web cache poisoning and cross-site scripting attacks that compromise user sessions and data integrity. This is especially critical for organizations in sectors such as finance, healthcare, and government, where data integrity and secure web communications are paramount. The vulnerability's ease of exploitation without authentication or user interaction increases the risk of automated attacks and widespread exploitation if unpatched. Additionally, organizations relying on Julia for scientific computing or data analysis that expose HTTP endpoints could inadvertently expose themselves to these risks. The absence of known exploits in the wild suggests a window of opportunity for proactive mitigation. Failure to address this vulnerability could lead to reputational damage, regulatory penalties under GDPR if personal data is compromised, and operational disruptions due to compromised web services.
Mitigation Recommendations
- Immediately upgrade HTTP.jl to version 1.10.17 or later and URIs.jl to version 1.6.0 or later to incorporate the official fixes for CRLF injection.
- Implement strict input validation and sanitization for all user-supplied URIs before they are processed by HTTP.jl or URIs.jl, ensuring that CR and LF characters are either removed or properly encoded.
- Review and audit all Julia-based web applications and services to identify usage of HTTP.jl and URIs.jl, prioritizing those exposed to external networks.
- Employ web application firewalls (WAFs) with rules targeting HTTP response splitting and CRLF injection patterns to provide an additional layer of defense.
- Monitor HTTP responses for anomalies such as unexpected header injections or duplicated headers that may indicate attempted exploitation.
- Educate developers on secure URI handling practices within Julia applications to prevent introduction of similar vulnerabilities in the future.
- In environments where immediate upgrade is not feasible, implement manual URI validation routines as a temporary mitigation to reject or sanitize suspicious input.
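One way to implement the manual-validation workaround in Julia, as an added example that is not code from the advisory or from HTTP.jl/URIs.jl: it assumes HTTP.jl is installed, and `validate_uri`, `build_query_uri` and `safe_request` are hypothetical names. Untrusted values are percent-encoded before they are joined into a URI, and every assembled URI is rejected if it still carries a raw CR, LF or other control character before it reaches the library.

```julia
# Added example, not code from the advisory or from HTTP.jl/URIs.jl.
# Assumes HTTP.jl is installed. `validate_uri`, `build_query_uri` and
# `safe_request` are hypothetical names for this page's workaround.
using HTTP

struct UnsafeURIError <: Exception
    msg::String
end
Base.showerror(io::IO, e::UnsafeURIError) = print(io, "UnsafeURIError: ", e.msg)

# Reject any URI string that carries a raw CR, LF or other ASCII control
# character. RFC 3986 never allows these unencoded, so a legitimate URI
# can only contain them as %0D / %0A, which pass through untouched.
function validate_uri(s::AbstractString)
    for (i, c) in pairs(s)
        if c == '\r' || c == '\n'
            throw(UnsafeURIError("raw CR/LF at byte offset $i"))
        elseif iscntrl(c)
            cp = string(UInt32(c), base = 16, pad = 4)
            throw(UnsafeURIError("control character U+$cp at byte offset $i"))
        end
    end
    return String(s)
end

# Build a URI from a trusted base and an untrusted query value: percent-encode
# the value first (HTTP.escapeuri turns CR/LF into %0D%0A), then validate the
# whole string so nothing raw slipped in through the base either.
function build_query_uri(base::AbstractString, param::AbstractString, value::AbstractString)
    return validate_uri(string(base, "?", param, "=", HTTP.escapeuri(value)))
end

# Only forwards validated URIs to HTTP.jl.
function safe_request(method::AbstractString, uri::AbstractString; kwargs...)
    return HTTP.request(method, validate_uri(uri); kwargs...)
end

# Constructed inputs: a clean URI, an untrusted value that gets encoded, and
# a raw line break of the kind the advisory warns about.
validate_uri("https://example.com/search?q=julia")
build_query_uri("https://example.com/search", "q", "julia\r\nX-Injected: 1")  # encoded, accepted
try
    validate_uri("https://example.com/search?q=julia\r\nX-Injected: 1")
catch e
    println(stderr, sprint(showerror, e))  # raw CR/LF, rejected with UnsafeURIError
end
```

Rejecting rather than silently stripping keeps the bad input visible in logs, which also gives the monitoring recommendation above something concrete to alert on.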
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-17T02:28:39.717Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 685c2224c6576a567aed81d9
Added to database: 6/25/2025, 4:21:56 PM
Last enriched: 6/25/2025, 4:37:15 PM
Last updated: 8/7/2025, 11:21:45 AM