@jainiresh
Contributor

@jainiresh jainiresh commented Sep 29, 2023

Updated to remove false positives, as the previous change matches the words "Set-Cookie: crlfinjection=1" even if the words are present in the Location header too.

The updated code will match only if "Set-Cookie: crlfinjection=1" is actually a header, by verifying that it starts at the beginning of a response header.

Template / PR Information

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Additional References:
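
The false positive described in this PR, shown as an added example (not the template's or the PR's own code). The regex, the function names and the three sample responses are assumptions constructed for illustration; only the marker string comes from the description above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const marker = "Set-Cookie: crlfinjection=1"

// Constructed responses (not captured traffic).
// reflectedOnly: the marker is only text inside the Location value.
// injected: the marker is a header line of its own.
// bodyEcho: the marker starts a line, but in the body, after the blank line.
const (
	reflectedOnly = "HTTP/1.1 302 Found\r\nLocation: /next?q=Set-Cookie: crlfinjection=1\r\nContent-Length: 0\r\n\r\n"
	injected      = "HTTP/1.1 302 Found\r\nLocation: /next?q=\r\nSet-Cookie: crlfinjection=1\r\nContent-Length: 0\r\n\r\n"
	bodyEcho      = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nSet-Cookie: crlfinjection=1\r\n"
)

// anchored is an assumed pattern, not the regex merged in the PR.
// (?m) lets ^ match at the start of each line; (?i) makes the match case-insensitive.
var anchored = regexp.MustCompile(`(?mi)^Set-Cookie:[ \t]*crlfinjection=1\b`)

// headerBlock returns the status line and headers, dropping the body.
func headerBlock(raw string) string {
	return strings.SplitN(raw, "\r\n\r\n", 2)[0]
}

// wordMatch is the earlier behaviour: the marker anywhere in the headers.
func wordMatch(raw string) bool {
	return strings.Contains(headerBlock(raw), marker)
}

// headerMatch is the stricter check: the marker must begin a header line.
func headerMatch(raw string) bool {
	return anchored.MatchString(headerBlock(raw))
}

func main() {
	samples := []struct{ name, raw string }{
		{"reflectedOnly", reflectedOnly}, {"injected", injected}, {"bodyEcho", bodyEcho},
	}
	for _, s := range samples {
		fmt.Printf("%-14s word=%-5v header=%v\n", s.name, wordMatch(s.raw), headerMatch(s.raw))
	}
}
```

Restricting the check to the header block matters as much as the line anchor: a body line that happens to start with the marker would otherwise satisfy the anchored pattern.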

jainiresh and others added 2 commits September 29, 2023 13:46
Updated to remove false positives, as the previous change matches the words "Set-Cookie: crlfinjection=1" even if the words are present in the Location header too.

The updated code will match only if "Set-Cookie: crlfinjection=1" is actually a header, by verifying that it starts at the beginning of a response header.
Member

@ehsandeep ehsandeep left a comment

@jainiresh thank you for improving the template. I've made a minor change; can you please confirm if it works as expected?

@DhiyaneshGeek DhiyaneshGeek self-assigned this Sep 30, 2023
@DhiyaneshGeek DhiyaneshGeek added the "good first issue" (Good for newcomers) and "Done" (Ready to merge) labels Sep 30, 2023
@ritikchaddha ritikchaddha merged commit a334550 into projectdiscovery:main Oct 3, 2023
@ritikchaddha
Contributor

Hello @jainiresh, we appreciate your efforts in updating the template and making it more suitable. Your contribution has been truly valuable to us. Cheers! 🍻
You can join our Discord server. It's a great place to connect with fellow contributors and stay updated with the latest developments. Thank you once again.

@ritikchaddha
Contributor

Thanks for the contribution @jainiresh !

We would love to give out our swag for your contribution. Are you on our Discord channel? If not, you can join our Discord server and send a note in the #contributing channel.

@jainiresh
Contributor Author

jainiresh commented Nov 8, 2023 via email
