git.p6c8.net - jirafeau.git/commitdiff
Made check for MIME type "image/svg+xml" case insensitive
author: Patrick Canterino <patrick@patrick-canterino.de>
Sun, 1 Dec 2024 14:05:34 +0000 (15:05 +0100)
committer: Patrick Canterino <patrick@patrick-canterino.de>
Sun, 1 Dec 2024 14:05:34 +0000 (15:05 +0100)
It was possible to bypass this check by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
This check was originally implemented to address CVE-2022-30110.

Reported by:
- Yann CAM (ycam) (https://yann.cam/)
- Georges TAUPIN (jo) (https://www.georgestaupin.com/)


No differences found
