BlackSheep HTTP Client CRLF Injection Vulnerability

Vulnerability

A CRLF injection vulnerability has been identified in the BlackSheep HTTP Client prior to version 2.4.6. The client did not adequately validate header values, so a value containing CR/LF characters could insert additional headers into an outgoing request or even terminate the request and start a new one. Exploitation requires that the application pass unsanitized user input directly into header values. The server-side implementation is not affected, because BlackSheep relies on the underlying ASGI server to manage response headers.

Impact

Exploitation of this vulnerability allows for CRLF injection, enabling attackers to manipulate HTTP headers and potentially create new HTTP requests.

Reproduction

The vulnerability can be reproduced by sending an HTTP request through the BlackSheep HTTP Client that includes unsanitized user input in a header value. A value containing CRLF characters is interpreted by the receiver as the end of one header and the beginning of another, allowing existing headers to be manipulated or new headers to be added.
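The check an HTTP client needs in order to avoid the defect described in the Vulnerability and Reproduction sections is a strict validation of header names and values before they are serialized. The following is an added example written for this advisory; it is not BlackSheep's code and does not call the BlackSheep API. It shows the unchecked serialization pattern beside a hardened version that rejects CR, LF and NUL, using constructed sample headers.

```python
"""Added example: rejecting CR/LF in HTTP header names and values.

Illustrative code for this advisory, not BlackSheep's implementation. It shows
why an HTTP client must validate header values before serializing them and
how a strict check removes the CRLF injection issue.
"""
from typing import Dict, Tuple

# Characters that change the framing of an HTTP message if they appear inside
# a header field. RFC 9110 field values may contain visible ASCII, SP and HTAB;
# CR, LF and NUL are the ones a client must refuse.
FORBIDDEN_HEADER_CHARS = frozenset("\r\n\0")


def is_valid_header_name(name: str) -> bool:
    """Header names are RFC 9110 tokens: ASCII letters, digits and tchar symbols."""
    if not name:
        return False
    return all((c.isascii() and c.isalnum()) or c in "!#$%&'*+-.^_`|~" for c in name)


def is_valid_header_value(value: str) -> bool:
    """Reject values containing characters that would end or split a header line."""
    return not any(c in FORBIDDEN_HEADER_CHARS for c in value)


def serialize_headers_unchecked(headers: Dict[str, str]) -> bytes:
    """The defect pattern this advisory describes: values are joined into the
    request without validation, so a value containing CRLF becomes a new line."""
    return b"".join(f"{k}: {v}\r\n".encode("latin-1") for k, v in headers.items())


def serialize_headers_checked(headers: Dict[str, str]) -> bytes:
    """Hardened form: every name and value is validated before serialization."""
    for name, value in headers.items():
        if not is_valid_header_name(name):
            raise ValueError(f"invalid header name: {name!r}")
        if not is_valid_header_value(value):
            raise ValueError(f"header value for {name!r} contains CR/LF/NUL")
    return serialize_headers_unchecked(headers)


def count_header_lines(raw: bytes) -> int:
    """Number of header lines a receiver would parse from the serialized bytes."""
    return len([line for line in raw.split(b"\r\n") if line])


# Constructed sample input (not from the advisory). The second set carries a
# CRLF inside a value, as happens when user-controlled text reaches a header
# unsanitized.
SAFE_HEADERS = {"Accept": "application/json", "X-Request-Id": "abc123"}
TAINTED_HEADERS = {"Accept": "application/json",
                   "X-Request-Id": "abc123\r\nX-Injected: 1"}


def demo() -> Tuple[int, int, bool]:
    """Returns (header lines from safe input, header lines the unchecked path
    emits for tainted input, whether the checked path rejected tainted input)."""
    safe_lines = count_header_lines(serialize_headers_unchecked(SAFE_HEADERS))
    tainted_lines = count_header_lines(serialize_headers_unchecked(TAINTED_HEADERS))
    try:
        serialize_headers_checked(TAINTED_HEADERS)
        rejected = False
    except ValueError:
        rejected = True
    return safe_lines, tainted_lines, rejected


if __name__ == "__main__":
    # Two headers in, three lines out on the unchecked path; the checked path refuses.
    print(demo())  # (2, 3, True)
```

The validator is deliberately stricter than the minimum: it rejects NUL as well as CR and LF, and it validates header names as tokens so that a name cannot smuggle whitespace or separators either. Applying the same check in application code before handing values to any HTTP client is a cheap defense even once the client itself is patched.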

Remediation

Users should upgrade to BlackSheep version 2.4.6 or later, where this vulnerability has been fixed.

Added: Jan 14, 2026, 5:29 PM
Updated: Jan 14, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 8.4
remediation: 0.0
relevance: 2.1
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.