Skip to content

*SECURITY*: added detection for incorrect byte sequence in decoded URI

Pavlo Mashliakovskiy requested to merge fix/mailformedDecodedURI into master
  • SECURITY: attempts for requests with incorrect byte sequence in URI/decoded URI or HTTP Headers now throws ESecurityException and therefore are logged into uba_audit with `Security Violation log level. Such a requests must likely is a MITM attacks
  • SECURITY: added detection for incorrect byte sequence in decoded URI what can cause unexpected Buffer overflow inside JS engine

Merge request reports

Loading