Cory Benfield 116b6d1cc6 Merge pull request from GHSA-v3r5-pjpm-mwgq
Motivation

Allowing arbitrary data in outbound header field values allows for the
possibility that users of AHC will accidentally pass untrusted data into
those values. That untrusted data can substantially alter the parsing
and content of the HTTP requests, which is extremely dangerous. The
result of this is vulnerability to CRLF injection.

Modifications

Add validation of outbound header field values.

Result

No longer vulnerable to CRLF injection

(cherry picked from commit 3034835a213babfcda19031e80c0b7c9780475e9)
2023-01-17 11:06:09 +00:00