*SECURITY*: added detection for incorrect byte sequence in decoded URI (!196) · Merge requests · unitybase / ub-server · GitLab

Pavel Mashliakovskiy requested to merge fix/mailformedDecodedURI into master Mar 21, 2024

SECURITY: attempts for requests with incorrect byte sequence in URI/decoded URI or HTTP Headers now throws ESecurityException and therefore are logged into uba_audit with `Security Violation log level. Such a requests must likely is a MITM attacks
SECURITY: added detection for incorrect byte sequence in decoded URI what can cause unexpected Buffer overflow inside JS engine