Merge pull request #177 from vks/fix-escapes

Fix escapes in hyper advisory
2026-02-23 15:38:27 +01:00 · 2019-10-07 06:42:01 -07:00
parent b6a88434ed 5233609919
commit 5e28b2dfe5
1 changed files with 1 additions and 1 deletions
--- a/crates/hyper/RUSTSEC-2017-0002.toml
+++ b/crates/hyper/RUSTSEC-2017-0002.toml
@@ -6,7 +6,7 @@ date = "2017-01-23"
 url = "https://github.com/hyperium/hyper/wiki/Security-001"
 title = "headers containing newline characters can split messages"
 description = """
-Serializing of headers to the socket did not filter the values for newline bytes (\r or \n),
+Serializing of headers to the socket did not filter the values for newline bytes (\\r or \\n),
 which allowed for header values to split a request or response. People would not likely include
 newlines in the headers in their own applications, so the way for most people to exploit this
 is if an application constructs headers based on unsanitized user input.