From: Patrick Canterino
Date: Sun, 1 Dec 2024 14:05:34 +0000 (+0100)
Subject: Made check for MIME type "image/svg+xml" case insensitive
X-Git-Tag: 4.6.1~3
X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/6cfca8753d54e2025c6020b2af32529e25f58c66?ds=sidebyside;hp=6cfca8753d54e2025c6020b2af32529e25f58c66

Made check for MIME type "image/svg+xml" case insensitive

It was possible to bypass this check by sending a manipulated HTTP request
with a MIME type like "image/svg+XML".

This check was originally implemented to address CVE-2022-30110.

Reported by:
- Yann CAM (ycam) (https://yann.cam/)
- Georges TAUPIN (jo) (https://www.georgestaupin.com/)
---
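
The failure mode described in the commit message, as an added example that is not part of this commit and is not Jirafeau's code: an exact string comparison beside a normalised one. The function names and sample values are hypothetical, and stripping parameters and whitespace goes beyond the case fix the commit describes.

```php
<?php
// Added illustration only; all function names here are hypothetical.

// "Before": exact comparison. Media type and subtype tokens are
// case-insensitive (RFC 9110, section 8.3.1), so a case variant of the
// same type does not match and the check is skipped.
function is_svg_case_sensitive(string $mime): bool
{
    return $mime === 'image/svg+xml';
}

// Reduce a client-supplied media type to a canonical "type/subtype" form.
function normalise_mime(string $mime): string
{
    // Keep only the part before any parameters ("; charset=utf-8"),
    // then drop surrounding whitespace and fold to lower case.
    $type = explode(';', $mime, 2)[0];
    return strtolower(trim($type));
}

// "After": compare the normalised value, never the raw request value.
function is_svg(string $mime): bool
{
    return normalise_mime($mime) === 'image/svg+xml';
}

// Constructed sample values, as a client could send them in a request.
$samples = [
    'image/svg+xml',
    'image/svg+XML',
    'IMAGE/SVG+XML',
    ' image/svg+xml ; charset=utf-8',
    'image/png',
];

foreach ($samples as $mime) {
    printf(
        "%-34s case-sensitive: %-5s  normalised: %s\n",
        json_encode($mime),
        is_svg_case_sensitive($mime) ? 'match' : 'miss',
        is_svg($mime) ? 'match' : 'miss'
    );
}
```

Normalising once, at the point where the value enters the application, keeps every later comparison against the same canonical form.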