Key Vulnerability Information

1. Header injection via unsanitized URL components (CRLF injection)

Summary:
- The URL path and host are placed directly into the HTTP request line and Host header without sanitizing control characters. A CR/LF embedded in either component terminates the line, so an attacker who controls the URL can append arbitrary headers to the request.
- Injected headers can bypass server-side checks, alter routing (for example by supplying a second Host header), or pollute shared caches.

Examples:
- Injecting headers like , , , or custom headers (e.g., ).

PoC:
- A Python script demonstrates how an attacker can include extra headers in the request by manipulating the URL.

2. vi: ANSI escape sequences in status/error lines

Summary:
- BusyBox vi writes untrusted strings into the status and error lines without escaping them, so any ANSI escape sequences they contain are interpreted by the terminal as control sequences.
- This can be used for terminal spoofing (clearing or overwriting what the user sees) or to corrupt the display.

3. wget: credential forwarding on cross-origin redirect

Summary:
- Fetching a URL that answers with a 302 redirect causes the credentials carried in the header to be re-sent to the new origin.
- Consistent with the issue described in CVE-2021-31879 (the same behaviour reported for GNU Wget).

Observation:
- The header is still sent on redirects, even to a different origin.

Suggested Mitigations

For header injection:
- Reject control characters and whitespace in the host and path before building the request.

For ANSI escape sequences:
- Strip or escape control characters in all user-controlled strings before writing them to the terminal.

For credential forwarding:
- Clear credential-bearing headers on redirects to a different host or scheme unless the caller has explicitly allowed it.
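The following is an added example for item 1, written for this page and not taken from BusyBox or from the Python PoC the page mentions. It builds a request the way a naive client does (host and path interpolated verbatim), parses the result the way a server would so the injected headers become visible, and then shows the mitigation: a validator that rejects control characters and whitespace. The host names and the X-Injected / X-Pad header names are constructed for the demonstration.

```python
"""Added example, not BusyBox code: naive HTTP request construction beside a
hardened builder that rejects control characters and whitespace.  All host
names and header names here are constructed for the demonstration."""
import re

# Anything below 0x21 (C0 controls and space) or DEL is illegal inside a
# request-target or Host value; CR or LF in particular ends the current line.
CTL_OR_WHITESPACE = re.compile(r"[\x00-\x20\x7f]")


def build_request_naive(host, path):
    """Vulnerable pattern: components go straight into the request text."""
    text = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"User-Agent: demo-client\r\n"
        f"\r\n"
    )
    return text.encode("latin-1")


def parse_request(raw):
    """Minimal server-side parser: request line, then 'Name: value' lines.

    Returns (request_line, headers).  Header names are lower-cased and a
    later duplicate overwrites an earlier one, which is how an injected Host
    header changes routing on a front end that keeps the last value."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def validate_component(value, what):
    """Mitigation: refuse the component if it carries a control byte or
    whitespace, instead of trying to escape it."""
    match = CTL_OR_WHITESPACE.search(value)
    if match:
        raise ValueError(
            f"{what} contains forbidden byte 0x{ord(match.group()):02x}")
    return value


def build_request_safe(host, path):
    return build_request_naive(
        validate_component(host, "host"), validate_component(path, "path"))


def injected_header_via_path():
    """Path payload that closes the request line and adds a header.  The
    trailing 'X-Pad:' absorbs the ' HTTP/1.1' the client appends so the
    request still parses cleanly on the server."""
    path = "/index.html HTTP/1.1\r\nX-Injected: 1\r\nX-Pad:"
    return parse_request(build_request_naive("example.com", path))


def injected_header_via_host():
    """Host payload that appends a second Host header (routing change)."""
    host = "example.com\r\nHost: internal.example.com"
    return parse_request(build_request_naive(host, "/index.html"))


def safe_build_rejects():
    """True when the hardened builder refuses a CR/LF-bearing path."""
    try:
        build_request_safe("example.com", "/index.html\r\nX-Injected: 1")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(injected_header_via_path())
    print(injected_header_via_host())
    print("hardened builder rejected payload:", safe_build_rejects())
```

Rejecting rather than percent-encoding the bad bytes is deliberate: a client that silently rewrites the URL can still be steered into sending a request the caller did not intend, while a hard error surfaces the attempt.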
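For item 2, the following is an added example (not BusyBox vi code) of the escaping the mitigation calls for: every C0 control byte, DEL and the 8-bit C1 controls in an untrusted string are rendered in caret notation before the string is placed in a status or error line, so the terminal displays them instead of executing them. The file name and messages are constructed inputs.

```python
"""Added example, not BusyBox vi code: render untrusted text (a file name,
an error message) into a status line with control characters shown in caret
notation instead of being passed through to the terminal."""


def caret_escape(text):
    """Replace each control character with a visible form.

    0x00-0x1f -> '^' + chr(byte ^ 0x40)   (ESC becomes '^[', TAB '^I')
    0x7f      -> '^?'
    0x80-0x9f -> '^[' + the equivalent 7-bit char (C1 controls; 0x9b, the
                 single-byte CSI, is shown as '^[[')
    Everything else passes through unchanged."""
    out = []
    for ch in text:
        code = ord(ch)
        if code < 0x20 or code == 0x7f:
            out.append("^" + chr(code ^ 0x40))
        elif 0x80 <= code <= 0x9f:
            out.append("^[" + chr(code - 0x40))
        else:
            out.append(ch)
    return "".join(out)


def contains_terminal_control(text):
    """Detection side: True if the string would reach the terminal as a
    control sequence without escaping."""
    return any(ord(c) < 0x20 or 0x7f <= ord(c) <= 0x9f for c in text)


def status_line(filename, line_count):
    """The '"name" N lines' message vi shows after loading a file, built
    from an escaped copy of the name."""
    return f'"{caret_escape(filename)}" {line_count} lines'


def error_line(message):
    return "Error: " + caret_escape(message)


# Constructed hostile file name: clears the screen, homes the cursor and
# prints a reassuring message in place of whatever the user was looking at.
SPOOF_NAME = "notes.txt\x1b[2J\x1b[1;1HAll clear"

if __name__ == "__main__":
    print(contains_terminal_control(SPOOF_NAME))
    print(status_line(SPOOF_NAME, 3))
    print(error_line("cannot open \x9b31mfile\x9b0m"))
```

Caret notation is what vi already uses when it displays control characters inside the buffer; applying the same transform to the status and error lines closes the gap.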
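For item 3, the following is an added example (not BusyBox wget code) of the redirect policy the mitigation describes: the Location header is resolved against the current URL, and if the resulting origin (scheme, host, port) differs, credential-bearing headers are dropped unless the caller explicitly opts in. Treating Authorization, Proxy-Authorization and Cookie as the credential headers is this example's choice; the page does not name the forwarded header. The servers and responses are a constructed in-memory table so the script runs offline.

```python
"""Added example, not BusyBox wget code: follow redirects and strip
credential headers when the origin changes.  The header set and the server
table are constructed for this demonstration."""
from urllib.parse import urlsplit, urljoin

CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) with the default port filled in, so that
    https://a.example and https://a.example:443 compare equal."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    return (parts.scheme.lower(), (parts.hostname or "").lower(), port)


def headers_for_redirect(current_url, location, headers,
                         allow_cross_origin=False):
    """Return (next_url, headers) for the next hop.

    Location is resolved relative to the current URL.  When the target
    origin differs (different host, port, or an https -> http downgrade),
    credential headers are removed unless the caller opted in."""
    target = urljoin(current_url, location)
    if origin(target) == origin(current_url) or allow_cross_origin:
        return target, dict(headers)
    kept = {k: v for k, v in headers.items()
            if k.lower() not in CREDENTIAL_HEADERS}
    return target, kept


# Constructed responses: url -> (status, response headers, body)
FAKE_SERVERS = {
    "https://api.example.com/report":
        (302, {"Location": "https://cdn.example.net/report.csv"}, b""),
    "https://cdn.example.net/report.csv": (200, {}, b"id,total\n"),
    "https://api.example.com/old": (302, {"Location": "/new"}, b""),
    "https://api.example.com/new": (200, {}, b"ok"),
    "https://api.example.com/downgrade":
        (302, {"Location": "http://api.example.com/plain"}, b""),
    "http://api.example.com/plain": (200, {}, b"plain"),
}


def fetch(url, headers, allow_cross_origin=False, max_hops=5):
    """Follow 302s against FAKE_SERVERS.

    Returns (final_url, body, sent) where sent is a list of (url, headers)
    recording exactly what each hop received."""
    sent = []
    for _ in range(max_hops):
        sent.append((url, dict(headers)))
        status, resp_headers, body = FAKE_SERVERS[url]
        if status != 302:
            return url, body, sent
        url, headers = headers_for_redirect(
            url, resp_headers["Location"], headers, allow_cross_origin)
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    creds = {"Authorization": "Basic dXNlcjpwYXNz", "Accept": "*/*"}
    for start in ("https://api.example.com/report",
                  "https://api.example.com/old",
                  "https://api.example.com/downgrade"):
        final, body, sent = fetch(start, creds)
        for hop_url, hop_headers in sent:
            print(hop_url, sorted(hop_headers))
        print("->", final, body)
```

Comparing the full origin rather than just the host name matters: a redirect from https to http on the same host would otherwise carry the credential over a cleartext connection, which the page's "different hosts or schemes" wording is meant to cover.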