N/A

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace.

N/A

HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)

swift-nio-http2 注入漏洞

swift-nio-http2是一个 SwiftPM 项目，可以非常简单地构建和测试。 swift-nio-http2 2.41.2之前版本存在安全漏洞，该漏洞源于NIOHTTP1生成HTTP响应的项目可能会受到HTTP响应注入攻击。此功能允许用户通过注入完全错误的响应或其他新标头来解决安全标头和HTTP/1.1 框架标头，注入的错误响应也可能被视为对后续请求的响应，这可能导致XSS、缓存中毒和其他缺陷。

N/A

N/A