From: Patrick Canterino <patrick@patrick-canterino.de>
Date: Mon, 16 Jun 2025 09:58:15 +0000 (+0200)
Subject: Check for commas in MIME type before generating preview
X-Git-Tag: 4.6.3~2^2~1
X-Git-Url: https://git.p6c8.net/jirafeau/pcanterino.git/commitdiff_plain/79464ec6276e8eb0e0b0ad597db02b85080d2b63?hp=79464ec6276e8eb0e0b0ad597db02b85080d2b63

Check for commas in MIME type before generating preview

It was possible to bypass the preview check by sending a manipulated HTTP request with a MIME type like "image/png,text/html".
When parsing the Content-Type of a HTTP response, browsers see multiple MIME types, and the last one, text/html, takes precedence, allowing to execute potentially harmful JavaScript code.

This check was originally implemented to address CVE-2022-30110 then CVE-2024-12326.

Reported by:
- Yann CAM (ycam) (https://yann.cam/)
- Killian CHEVRIER (palmier) (https://killianchevrier.fr/)
---