[GHSA-9324-jv53-9cc8] dio vulnerable to CRLF injection with HTTP method string #4442
Updates
Comments
Reference links:
CVE-2021-31402: This is the identifier of the vulnerability in the NVD database.
OSV - Open Source Vulnerabilities: Provides additional information about the vulnerability and the fix.
Issue #1752: Contains discussion and updates regarding the vulnerability and its fix in the project's GitHub repository.
Code commit:
Commit cfug/dio@927f79e: Describes the specific change made to fix the vulnerability and can be used as a reference for technical details.
Broader context:
You can search for other posts and discussions in the project's GitHub repository (such as Issue #1130) to get more context and information regarding the vulnerability and the fix.