by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the `Host:` header, and HTTP/1.1 control data field values. An attacker who controls one of these inputs, for example a user-supplied URL passed to a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.
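For callers that cannot yet move to 0.093, one way to reject such inputs before they reach HTTP::Tiny is sketched below. This is an added example, not code from HTTP::Tiny or from the advisory; the helper name `request_input_problems` and the sample inputs are hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper (not part of HTTP::Tiny): returns a list of reasons
# the inputs must be rejected; an empty list means nothing was found.
my $TOKEN = qr/\A[!#\$%&'*+\-.^_`|~0-9A-Za-z]+\z/;

sub request_input_problems {
    my ($method, $url, $headers) = @_;
    my @problems;

    # The method must be an RFC 9110 token: no spaces, no CR/LF.
    push @problems, "method is not a valid token"
        unless defined $method && $method =~ $TOKEN;

    # A URL on the wire never contains raw control characters or spaces;
    # this covers both the path and the host that becomes Host:.
    push @problems, "URL contains a control character or space"
        if !defined $url || $url =~ /[\x00-\x20\x7f]/;

    for my $name (sort keys %{ $headers || {} }) {
        if ($name !~ $TOKEN) {
            push @problems, "a header name is not a valid token";
            next;
        }
        # HTTP::Tiny accepts a scalar or an array ref of values per header.
        my $v = $headers->{$name};
        for my $value (ref($v) eq 'ARRAY' ? @$v : $v) {
            push @problems, "header '$name' value contains CR, LF or NUL"
                if defined $value && $value =~ /[\r\n\0]/;
        }
    }
    return @problems;
}

# Constructed sample inputs: one clean request, then one bad value in each
# of the positions the advisory lists (URL, method, header value).
my @cases = (
    [ 'GET',  'http://example.com/hook', { 'X-Trace' => 'abc123' } ],
    [ 'GET',  "http://example.com/a\r\nX-Injected: 1", {} ],
    [ "GET /x HTTP/1.1\r\nHost: other", 'http://example.com/', {} ],
    [ 'POST', 'http://example.com/', { 'X-Trace' => "abc\r\nX-Evil: 1" } ],
);
for my $case (@cases) {
    my @p = request_input_problems(@$case);
    print @p ? "REJECT: " . join('; ', @p) . "\n" : "OK\n";
}
```

Only the first constructed case prints `OK`; the other three are rejected before any request is built.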
Affected products
- <0.093
Matching in nixpkgs
pkgs.perlPackages.HTTPTinyish
HTTP::Tiny compatible HTTP client wrappers
pkgs.perl5Packages.HTTPTinyish
HTTP::Tiny compatible HTTP client wrappers
pkgs.perlPackages.HTTPTinyCache
Cache HTTP::Tiny responses
pkgs.perl538Packages.HTTPTinyish
HTTP::Tiny compatible HTTP client wrappers
pkgs.perl540Packages.HTTPTinyish
HTTP::Tiny compatible HTTP client wrappers
pkgs.perl5Packages.HTTPTinyCache
Cache HTTP::Tiny responses
pkgs.perl538Packages.HTTPTinyCache
Cache HTTP::Tiny responses
pkgs.perl540Packages.HTTPTinyCache
Cache HTTP::Tiny responses
pkgs.perlPackages.TestMockHTTPTiny
Record and replay HTTP requests/responses with HTTP::Tiny
pkgs.perl5Packages.TestMockHTTPTiny
Record and replay HTTP requests/responses with HTTP::Tiny
pkgs.perl538Packages.TestMockHTTPTiny
Record and replay HTTP requests/responses with HTTP::Tiny
pkgs.perl540Packages.TestMockHTTPTiny
Record and replay HTTP requests/responses with HTTP::Tiny
Package maintainers
- @stigtsp Stig Palmquist <stig@stig.io>