Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
0.10.1
-
None
-
ubuntu
-
New Contributors Level (Easy)
Description
Newlines in document locations break header parsing. Potential header injection issues?
$ curl -X DELETE http://localhost:5984/testdb
{"ok":true}$ curl -X PUT http://localhost:5984/testdb
{"ok":true}$ curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A'
HTTP/1.1 201 Created
Server: CouchDB/0.10.1 (Erlang OTP/R13B)
Location: http://localhost:5984/testdb/docid
Etag: "1-967a00dff5e02add41819138abb3284d"
Date: Wed, 24 Mar 2010 12:33:25 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 70
Cache-Control: must-revalidate