Issue #1003 resolved

Security issue: HTTPRedirect exception can be used to inject headers

Anonymous created an issue

The HTTPRedirect exception does not validate the supplied URL - an invalid (e.g. user-supplied) URL can lead to header injection.

E.g. raise HTTPRedirect('/foobar/\x0aSet-Cookie:%20somecookie=someval')

Of course the user code should validate the URL prior to raising HTTPRedirect, but failing to do so should raise an exception rather than leading to a potentially exploitable attack.

Reported by gwatts
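The injection the report describes, as an added example in Python (not code from the issue or from the project it was filed against): a minimal model of a redirect handler that copies the URL straight into a Location header, a parser that splits the resulting header block the way a lenient HTTP client does (bare LF accepted as a line terminator, which is why the \x0a in the report is enough), and the CR/LF check the reporter asks for, which raises instead of emitting the header. The function names and the toy serialiser are assumptions for illustration; the payload is the one from the report.

```python
"""Header injection through an unvalidated redirect URL.

Added example, not the project's own code. Models only the part of a
redirect that matters here: the URL ends up verbatim in the Location
header, and a line break in it starts a new header.
"""

# Payload from the report: a bare LF followed by a second header line.
INJECTED_URL = "/foobar/\x0aSet-Cookie:%20somecookie=someval"
SAFE_URL = "/foobar/"


class HeaderInjectionError(ValueError):
    """Raised when a header value contains a carriage return or line feed."""


def build_redirect_headers(url):
    """Unsafe (hypothetical): serialise the response headers of a redirect
    with the URL copied into Location without any validation."""
    headers = [("Location", url)]
    return "\r\n".join("%s: %s" % (name, value) for name, value in headers) + "\r\n\r\n"


def parse_headers(raw):
    """Parse a serialised header block the way a lenient client would:
    CRLF and bare LF both terminate a line. Returns (name, value) pairs."""
    parsed = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line:
            continue  # blank line ends the header block
        name, _, value = line.partition(":")
        parsed.append((name.strip(), value.strip()))
    return parsed


def validate_redirect_url(url):
    """The check the report asks for: reject any URL that could start a
    new header line. Percent-encoded %0d/%0a are left alone because they
    stay encoded inside the header value and do not break the line."""
    if "\r" in url or "\n" in url:
        raise HeaderInjectionError("CR/LF in redirect URL: %r" % url)
    return url


def build_redirect_headers_safe(url):
    """Hardened (hypothetical) variant: validate before serialising."""
    return build_redirect_headers(validate_redirect_url(url))


def injected_header_names(url):
    """Header names a lenient client sees after the unsafe serialiser
    emits the given URL. For INJECTED_URL this is not just Location."""
    return [name for name, _ in parse_headers(build_redirect_headers(url))]


if __name__ == "__main__":
    print(injected_header_names(INJECTED_URL))
    try:
        build_redirect_headers_safe(INJECTED_URL)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

The check is deliberately narrow: it only looks for raw CR and LF, the two characters that can terminate a header line, and leaves percent-encoded forms alone since they remain inert inside the value. Splitting on a bare LF in the parser mirrors the leniency of real clients and is what makes a single \x0a sufficient for the attack.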

Comments (4)