Shopify: HTTP Response Header Injection in shopify/pitchfork + Rack 3
An HTTP response header injection vulnerability was discovered in version 0.10.0 of the Pitchfork library when used with Rack 3. The issue stemmed from improper handling of header values containing newline characters in the appendheader method of the HTTP response module. When Rack 3 was used, the...
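The class of bug described above, shown as an added example that is not Pitchfork's code: a header serializer that interpolates values as-is, next to a hardened one that rejects CR, LF and NUL before writing. All method, constant and class names are hypothetical, the sample value is constructed, and the hardened version assumes values arrive as a String or as the Array of Strings that Rack 3 allows for multi-value headers.

```ruby
# Added illustration; hypothetical names, not the library's implementation.

class HeaderInjectionError < ArgumentError; end

# Characters that terminate or split a header line on the wire.
HEADER_FORBIDDEN = /[\r\n\0]/

# Unsafe: the value is written verbatim, so an embedded CRLF begins a new
# header line that the application never intended to send.
def unsafe_append_header(buf, key, value)
  values = value.is_a?(Array) ? value : [value]
  values.each { |v| buf << "#{key}: #{v}\r\n" }
  buf
end

# Hardened: validate the key and every value before anything is appended,
# so a rejected header leaves the buffer untouched.
def safe_append_header(buf, key, value)
  values = (value.is_a?(Array) ? value : [value]).map(&:to_s)
  if key.to_s.match?(HEADER_FORBIDDEN) || values.any? { |v| v.match?(HEADER_FORBIDDEN) }
    raise HeaderInjectionError, "control character in header #{key.inspect}"
  end
  values.each { |v| buf << "#{key}: #{v}\r\n" }
  buf
end

# The header lines a client would parse out of a serialized buffer.
def header_lines(buf)
  buf.split("\r\n").reject(&:empty?)
end

# Constructed sample: a header value derived from untrusted input.
TAINTED_VALUE = "en\r\nSet-Cookie: session=constructed"

if __FILE__ == $PROGRAM_NAME
  puts header_lines(unsafe_append_header(String.new, "Content-Language", TAINTED_VALUE)).inspect
  begin
    safe_append_header(String.new, "Content-Language", TAINTED_VALUE)
  rescue HeaderInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```
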