oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ruby:HTTP Header injection in 'net/http'

From: Casper Thomsen <ct () clearhaus com>
Date: Thu, 8 Dec 2016 16:00:04 +0100
On Sat, Jun 25, 2016 at 6:18 AM, redrain root <rootredrain () gmail com> wrote:

I would like to report a HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in
request even create a new evil request.


By the way, this was fixed in Excon back then.

https://github.com/excon/excon/compare/4aa6548313188f3fa6ba6f556f49aead107b5881...107111759c945d2cac9b57ba5716e1b9a9055126

Regards,
-- 
Casper Thomsen
Previous By Date Next
Previous By Thread Next

Current thread: