Detects and rejects malformed response headers #2773

Merged
merged 1 commit into from Oct 2, 2015

@jefflembeck jefflembeck commented Sep 18, 2015

This works around a byte truncation flaw in node core versions > 0.10
where the high bit is stripped from headers leading to a possible header
injection.


@aredridel aredridel commented Sep 30, 2015

This has security implications for folks passing arbitrary data to redirects in any fashion, even within otherwise legit URLs.

@hueniverse hueniverse added this to the 10.2.0 milestone Oct 2, 2015
@hueniverse hueniverse self-assigned this Oct 2, 2015
@hueniverse hueniverse merged commit 8853985 into hapijs:master Oct 2, 2015
1 check passed
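
The kind of check this pull request describes, as an added example that is not hapi's code and not part of the thread: validate a header value before it is written, so that characters a single-byte encoder would truncate are rejected instead of sent. It assumes the truncation keeps the low 8 bits of each character (which is what Node's `latin1` Buffer encoding does); the function names and the sample value are hypothetical and constructed for illustration.

```javascript
// Added example: not hapi's implementation. All names are hypothetical.

// Characters a header value may contain once written to the socket:
// horizontal tab, space, visible ASCII, and 0x80-0xFF (obs-text in RFC 7230).
const SAFE_VALUE = /^[\t\x20-\x7e\x80-\xff]*$/;

// What a single-byte ("latin1") encoder puts on the wire:
// every UTF-16 code unit is reduced to its low 8 bits.
function wireBytes(value) {
    return Buffer.from(String(value), 'latin1');
}

// Reject before writing: a code unit above 0xFF would be truncated into
// some other byte, and a control character (CR, LF, NUL) breaks framing.
function isSafeHeaderValue(value) {
    return SAFE_VALUE.test(String(value));
}

// Hypothetical wrapper for code that builds response headers.
function setHeaderChecked(headers, name, value) {
    if (!isSafeHeaderValue(value)) {
        throw new Error(`Invalid character in header content: ${name}`);
    }
    headers[name.toLowerCase()] = String(value);
    return headers;
}

// Constructed sample: U+010D and U+010A are ordinary letters, so a filter
// that only looks for "\r" and "\n" passes this value unchanged.
const sample = '/next\u010d\u010aX-Constructed: 1';
const naiveFilterPasses = !/[\r\n]/.test(sample);
const truncatedHasCRLF = wireBytes(sample).includes(Buffer.from('\r\n'));

console.log({ naiveFilterPasses, truncatedHasCRLF, safe: isSafeHeaderValue(sample) });
```

Applying the check to the final string, after any URL or template interpolation, covers the redirect case raised in the comment above.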
@lock lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020