Files
@ 38d1c99cd000
Branch filter:
Location: kallithea/docs/changelog.rst
38d1c99cd000
200 B
text/prs.fallenstein.rst
login: enhance came_from validation
Drop urlparse and just validate that came_from is a RFC 3986 compliant path.
This blocks an HTTP header injection vulnerability discovered by
Gjoko Krstic <gjoko@zeroscience.mk> of Zero Science Lab (CVE-2015-5285)
Drop urlparse and just validate that came_from is a RFC 3986 compliant path.
This blocks an HTTP header injection vulnerability discovered by
Gjoko Krstic <gjoko@zeroscience.mk> of Zero Science Lab (CVE-2015-5285)