
CRLF Injection in `--proxy-header` allows extra HTTP headers (CWE-93)


Hello Team,

There is a bug in `curl` where a user can inject **new HTTP headers** into a proxy request by using special characters in the `--proxy-header` option. This is done by adding `\r\n` (carriage return + line feed) inside the header value. This breaks the HTTP format and lets the user create more headers from a single line.

# What’s the Problem?

The problem happens because `curl`...
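An added example, not part of the report or of curl's code: a pre-flight check that a wrapper script could run on a string before handing it to `--proxy-header`, together with a helper showing how many header lines a receiver would parse from it. The function names and sample headers are hypothetical and constructed for illustration.

```python
import re

# Bytes that must never appear in a header argument passed to an HTTP client.
_FORBIDDEN = re.compile(r"[\r\n\x00]")
# Field-name characters permitted by RFC 9110 ("token").
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def lines_seen_by_proxy(header_arg: str) -> list[str]:
    """Header lines a receiver would parse if header_arg reached the wire
    unchanged. Receivers split on CRLF, and many also accept a bare LF."""
    return [line for line in re.split(r"\r\n|\n", header_arg) if line]


def validate_proxy_header(header_arg: str) -> str:
    """Return header_arg if it is exactly one 'Name: value' line, else raise.

    Assumption: only the 'Name: value' form is accepted here; a caller that
    relies on other header syntaxes would need to extend this check.
    """
    if _FORBIDDEN.search(header_arg):
        raise ValueError("CR, LF or NUL found in header argument")
    name, sep, _value = header_arg.partition(":")
    if not sep or not _TOKEN.match(name):
        raise ValueError("argument is not a single 'Name: value' header")
    return header_arg


# Constructed sample inputs (not taken from the report).
BENIGN = "X-Trace-Id: abc123"
SPLIT = "X-Trace-Id: abc123\r\nX-Added: 1"

if __name__ == "__main__":
    for sample in (BENIGN, SPLIT):
        print(repr(sample), "->", lines_seen_by_proxy(sample))
        try:
            validate_proxy_header(sample)
            print("  accepted")
        except ValueError as exc:
            print("  rejected:", exc)
```
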
