Summary
Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar.
Impact
In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.append(headers=...) or Payload.headers, then an attacker may be able to modify the request to inject headers or change the contents of the request.
Workaround
Sanitise such user input.
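One way to apply that workaround, as an added example that is not aiohttp project code: a validator that rejects user-supplied header names and values capable of breaking a multipart part's framing before they reach MultipartWriter.append(headers=...). The aiohttp call in the main block assumes aiohttp is installed; the header inputs are constructed.

```python
"""Reject user-controlled header names/values before passing them to
aiohttp's MultipartWriter.append(headers=...).  Added example, not
aiohttp project code."""
import re
from typing import Mapping

# RFC 7230 token characters, the only ones valid in a header field name.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Characters that terminate or fold a header line: CR, LF, NUL.
_CTL_RE = re.compile(r"[\r\n\x00]")


class UnsafeHeader(ValueError):
    """Raised when a header would alter the part's framing or add lines."""


def sanitize_part_headers(headers: Mapping[str, str]) -> dict[str, str]:
    """Return a copy of `headers` safe to hand to MultipartWriter.append().

    Rejects rather than strips: silently removing a CRLF would still let a
    user reshape a value, and the caller should know the input was hostile.
    """
    clean: dict[str, str] = {}
    for name, value in headers.items():
        if not isinstance(name, str) or not _TOKEN_RE.match(name):
            raise UnsafeHeader(f"invalid header name: {name!r}")
        if not isinstance(value, str) or _CTL_RE.search(value):
            raise UnsafeHeader(f"control character in value of {name!r}")
        clean[name] = value.strip()
    return clean


def is_safe(headers: Mapping[str, str]) -> bool:
    """True if the headers pass validation, False otherwise."""
    try:
        sanitize_part_headers(headers)
        return True
    except UnsafeHeader:
        return False


if __name__ == "__main__":
    # Constructed inputs: an honest value and one carrying a CRLF.
    good = {"Content-Disposition": 'form-data; name="file"; filename="a.txt"'}
    bad = {"Content-Disposition": 'form-data; name="file"\r\nX-Injected: 1'}
    print(is_safe(good), is_safe(bad))  # True False

    from aiohttp import MultipartWriter  # assumption: aiohttp is installed
    with MultipartWriter("form-data") as mp:
        mp.append(b"hello", headers=sanitize_part_headers(good))
```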
Patch: aio-libs/aiohttp@bf88077
References