MariaDB: [] CRLF injection in case of encoded query mark

ID H1:490997
Type hackerone
Reporter s_p_q_r
Modified 2019-02-14T14:39:59


A CRLF injection vulnerability was reported and fixed for our website. The attack could lead to cookie injection, HTTP response splitting and session fixation attacks, amongst other things, across MariaDB domains.