crlf-injection
Safeguard articles tagged "crlf-injection" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Log injection attacks and how to stop forging your own audit trail
One unsanitized turns a log line into two, and a critical Log4j flaw with a CVSS score of 10.0 turned a log message into remote code execution.
Log Injection: How Attackers Poison Your Logs (and How to Stop Them)
Logs are supposed to be your source of truth during an incident. Log injection lets attackers forge entries, break parsers, and — in the worst cases — trigger code execution from a log line.
SMTP Injection (Email Header Injection): Prevention Guide
A contact form that builds emails from user input can be turned into a spam relay or a phishing generator through SMTP header injection. Here's how the attack works and how to neutralize it.
CRLF injection and HTTP response splitting explained
CRLF injection lets attackers forge HTTP headers and split responses. Here's how it works, real CVEs behind it, and how to detect and stop it.
CVE-2020-26137: CRLF injection in urllib3 header handling
CVE-2020-26137 let attackers inject CRLF sequences into urllib3-built HTTP requests. Here's the impact, affected versions, and how to remediate it.