Opened 3 years ago

Closed 2 years ago

Last modified 2 years ago

#9421 defect closed fixed (fixed)

twisted.web.http._newclient.Request vulnerable to header injection

Reported by: mark williams Owned by: mark williams
Priority: normal Milestone:
Component: web Keywords:
Cc: Branch:

Description (last modified by mark williams)

twisted.web._newclient.Request._writeHeaders allows line breaks in header values, so it's possible that a malicious input could inject a new header by including a value with \n or \r\n.

writeHeaders should not write \n or \r\n in response header values.

twisted.web.http.HTTPClient is also vulnerable.
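The problem described above, as an added example that is not part of the ticket and is not Twisted's code: a header writer that copies values verbatim next to one that refuses CR or LF, plus a line-based parser showing what the receiving side sees. The function names and the sample headers are hypothetical and constructed for illustration; rejecting the value is one possible policy, assumed here.

```python
import re

# Any carriage return or line feed terminates a header line on the wire.
_LINE_BREAK = re.compile(rb"[\r\n]")


def serialize_unchecked(headers):
    """Write name/value pairs verbatim, as a writer with no validation would."""
    return b"".join(n + b": " + v + b"\r\n" for n, v in headers) + b"\r\n"


def serialize_checked(headers):
    """Refuse to serialize any header whose name or value contains CR or LF."""
    lines = []
    for name, value in headers:
        if _LINE_BREAK.search(name) or _LINE_BREAK.search(value):
            raise ValueError("line break in header %r" % (name,))
        lines.append(name + b": " + value + b"\r\n")
    return b"".join(lines) + b"\r\n"


def parsed_header_names(block):
    """Return header names as a lenient receiver would split them.

    Lines are split on CRLF or a bare LF, and parsing stops at the
    first empty line, which marks the end of the header block.
    """
    names = []
    for line in re.split(rb"\r?\n", block):
        if not line:
            break
        names.append(line.split(b":", 1)[0])
    return names


# Constructed input: the second value carries an embedded line break.
SAMPLE = [
    (b"Host", b"example.test"),
    (b"Accept-Language", b"en\r\nX-Injected: 1"),
]

if __name__ == "__main__":
    # Two headers were supplied, but three arrive at the receiver.
    print(parsed_header_names(serialize_unchecked(SAMPLE)))
    try:
        serialize_checked(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```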

Change History (5)

comment:1 Changed 3 years ago by mark williams

Description: modified (diff)

comment:2 Changed 3 years ago by mark williams

Keywords: review added

comment:3 Changed 3 years ago by Glyph

Keywords: review removed
Owner: set to mark williams

comment:4 Changed 2 years ago by Glyph

Resolution: fixed
Status: new → closed

This was also fixed by PR 999.

comment:5 Changed 2 years ago by Glyph

(which is merged)
