Vulnerability Database

319,592

Total vulnerabilities in the database

CVE-2025-61689

HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header injection, leading to cache poisoning, XSS, session fixation, and more. This issue is fixed in HTTP.jl v1.10.19.

Published: Oct 10, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-61689
Exploit:

No technical information available.

CWEs:

CWE-113

Affected Software
References

No affected software listed.

https://github.com/JuliaWeb/HTTP.jl/releases/tag/v1.10.19
https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-h3x8-ppwj-6vcj

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo