---

CVE-2021-29991 - log back

CVE-2021-29991 created at 22 Aug 2021 11:12:36
Severity	+ High
Remote	+ Remote
Type	+ Url request injection
Description	+ Firefox and Thunderbird before version 91.0.1 incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3.
References	+ https://www.mozilla.org/security/advisories/mfsa2021-37/ + https://bugzilla.mozilla.org/show_bug.cgi?id=1724896
Notes