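, the vulnerability occurs in that method. I guess you have to look for any parameters or data points passed to that method and validate them. According to CWE 113...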
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Fix commit: efb910d For more information If you have any questions or comments about this advisory: Open an issue in ratpack/ratpack Ask in our Slack channel ...
Fix
Fortunately, this fix is very simple. Simply prevent the two characters of a CRLF sequence from being saved within this stream. Veracode's recommended approach is to encode any input from users that is written to the log (although there are other fixes). In Java applications, it’s ea...