From 2dda7f38b89b9fcefdb832634122437efb34f67f Mon Sep 17 00:00:00 2001 From: Vinzent Steinberg Date: Mon, 7 Oct 2019 17:05:39 +0200 Subject: [PATCH] Use backticks for escaped characters --- crates/hyper/RUSTSEC-2017-0002.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/hyper/RUSTSEC-2017-0002.toml b/crates/hyper/RUSTSEC-2017-0002.toml index ab71e11bf..1d67724bb 100644 --- a/crates/hyper/RUSTSEC-2017-0002.toml +++ b/crates/hyper/RUSTSEC-2017-0002.toml @@ -6,7 +6,7 @@ date = "2017-01-23" url = "https://github.com/hyperium/hyper/wiki/Security-001" title = "headers containing newline characters can split messages" description = """ -Serializing of headers to the socket did not filter the values for newline bytes (\\r or \\n), +Serializing of headers to the socket did not filter the values for newline bytes (`\\r` or `\\n`), which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an application constructs headers based on unsanitized user input.