SCA: security update for Refit (GHSA-3hxg-fxwm-8gf7)

critical Tenable Cloud Security Plugin ID 409559

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related
Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. The way HTTP
headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method. This method does
not check for CRLF characters in the header value. This means that any headers added to a refit request
are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1)
means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using
the Refit library passes a user-controllable value through to a header, then that application becomes
vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like
the one above, but if such code were present in a web application then it becomes vulnerable to request
splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a
potential vulnerability in applications using Refit and not in Refit itself. This issue has been addressed
in release versions 7.2.22 and 8.0.0 and all users are advised to upgrade. There are no known workarounds
for this vulnerability. (CVE-2024-51501)

See Also

https://github.com/advisories/GHSA-3hxg-fxwm-8gf7

Plugin Details

Severity: Critical

ID: 409559

Version: Revision 1.12

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/7/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.5

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-51501

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 10

Threat Score: 10

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 11/4/2024

Vulnerability Publication Date: 11/4/2024

Reference Information

CVE: CVE-2024-51501

cwe: CWE-93