MariaDB: [downloads.mariadb.org] CRLF injection in case of encoded query mark

2019-02-04T14:07:18
ID H1:490997
Type hackerone
Reporter s_p_q_r
Modified 2019-02-14T14:39:59

Description

A CRLF injection vulnerability was reported and fixed for our downloads.mariadb.org website. The attack could lead to cookie injection, HTTP response splitting and session fixation attacks, amongst other things, across MariaDB domains.