BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new header) or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input directly into headers.The server part is not affected because BlackSheep delegates to an underlying ASGI server handling of response headers. This vulnerability is fixed in 2.4.6.

N/A

HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)

BlackSheep 注入漏洞

BlackSheep是Neoteroi开源的一个Web应用框架。 BlackSheep 2.4.6之前版本存在注入漏洞，该漏洞源于HTTP客户端实现缺少标头验证，可能导致攻击者修改HTTP请求或创建新请求。

N/A

N/A