Description
Gakido vulnerable to HTTP Header Injection (CRLF Injection)
A vulnerability was discovered in Gakido that allowed HTTP Header Injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names.
When making HTTP requests with user-controlled header values containing \r\n (CRLF), \n (LF), or \x00 (null byte) characters, an attacker could inject arbitrary HTTP headers into the request.
Impact
An attacker who can control header values passed to Gakido's Client.get(), Client.post(), or other request methods could:
- Inject arbitrary HTTP headers: add malicious headers to requests
- HTTP Response Splitting: potentially manipulate responses in certain proxy configurations
- Cache Poisoning: inject headers that could poison intermediate caches
- Session Fixation: inject session-related headers
- Bypass Security Controls: inject headers that bypass server-side security checks
Proof of Concept
Affected Code
The vulnerability existed in the header processing logic where user-supplied headers were not sanitized before being sent in HTTP requests.
File: gakido/headers.py
Function: canonicalize_headers()
Fix
The fix adds a _sanitize_header() function that strips \r, \n, and \x00 characters from both header names and values before they are included in HTTP requests.
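The stripping the fix describes, shown next to the unsanitized path, as an added example (not Gakido's own code; the function names, the `example.test` host and the sample header are assumptions constructed for illustration):

```python
# Added illustration; all names are hypothetical, not Gakido's own code.
FORBIDDEN = ("\r", "\n", "\x00")  # the three characters the advisory names


def strip_forbidden(text):
    """Remove CR, LF and NUL, as the described fix does."""
    for ch in FORBIDDEN:
        text = text.replace(ch, "")
    return text


def reject_forbidden(text):
    """Fail-closed alternative (an assumption, not the fix): refuse the input."""
    if any(ch in text for ch in FORBIDDEN):
        raise ValueError("control character in header name or value")
    return text


def canonicalize(headers, sanitize):
    """Return (name, value) pairs, stripped when sanitize is True."""
    clean = strip_forbidden if sanitize else (lambda s: s)
    return [(clean(n), clean(v)) for n, v in headers.items()]


def serialize(headers, sanitize):
    """Build the request head as it would be written to the socket."""
    lines = ["GET / HTTP/1.1", "Host: example.test"]
    lines += [f"{n}: {v}" for n, v in canonicalize(headers, sanitize)]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_lines(raw):
    """Split the head on CRLF, as a receiving server would, minus request line."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.decode("latin-1").split("\r\n")[1:]


# Constructed sample: a header value that came from an untrusted source.
UNTRUSTED = {"X-Trace": "abc\r\nX-Injected: 1"}

if __name__ == "__main__":
    print(header_lines(serialize(UNTRUSTED, sanitize=False)))
    print(header_lines(serialize(UNTRUSTED, sanitize=True)))
```

Stripping keeps the request head well-formed but leaves the untrusted text concatenated into the value (`abcX-Injected: 1`); `reject_forbidden` is for callers that would rather refuse such input outright.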
Packages
Package: gakido
Affected versions: < 0.1.1
Patched version: 0.1.1
Related vulnerabilities
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP requests with user-controlled header values containing `\r\n` (CRLF), `\n` (LF), or `\x00` (null byte) characters, an attacker could inject arbitrary HTTP headers into the request. The fix in version 0.1.1 adds a `_sanitize_header()` function that strips `\r`, `\n`, and `\x00` characters from both header names and values before they are included in HTTP requests.