ecstatic is vulnerable to a denial of service (DoS). When an attacker provides a URL parameter with symbols such as \x0c
, it leads to a redirection from /existing-dir-name?\x0cfoo
to /existing-dir-name/?\x0cfoo
and causes TypeError: The header content contains invalid characters error
, possibly crashing the server.