oss-sec mailing list archives
Re: Ruby:HTTP Header injection in 'net/http'
From: Casper Thomsen <ct () clearhaus com>
Date: Thu, 8 Dec 2016 16:00:04 +0100
On Sat, Jun 25, 2016 at 6:18 AM, redrain root <rootredrain () gmail com> wrote:
I would like to report a HTTP Header injection vulnerability in 'net/http' that allows attackers to inject arbitrary headers in request even create a new evil request.
By the way, this was fixed in Excon back then. https://github.com/excon/excon/compare/4aa6548313188f3fa6ba6f556f49aead107b5881...107111759c945d2cac9b57ba5716e1b9a9055126 Regards, -- Casper Thomsen
Current thread:
- Re: Ruby:HTTP Header injection in 'net/http' Casper Thomsen (Dec 08)