Improper header parsing. An attacker could sneak in a carriage return character (\r) and pass untrusted values in both the header names and values.
\r
The issue is patched in 1.8.4 and 2.1.1.
There are no known workarounds.
Impact
Improper header parsing. An attacker could sneak in a carriage return character (
\r) and pass untrusted values in both the header names and values.Patches
The issue is patched in 1.8.4 and 2.1.1.
Workarounds
There are no known workarounds.
References