[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Vulnerability Report - CRLF Injection in Wget Host Part
From: |
Eli Zaretskii |
Subject: |
Re: [Bug-wget] Vulnerability Report - CRLF Injection in Wget Host Part |
Date: |
Mon, 06 Mar 2017 18:11:52 +0200 |
> From: Tim Ruehsen <address@hidden>
> Date: Mon, 06 Mar 2017 10:17:25 +0100
> Cc: Orange Tsai <address@hidden>
>
> Thanks, just pushed a commit, not allowing control chars in host part.
Hmm... is it really enough to reject only ASCII control characters?
Maybe we should also reject control characters from other Unicode
ranges? Just a thought.
Re: [Bug-wget] Vulnerability Report - CRLF Injection in Wget Host Part, Dale R. Worley, 2017/03/06