Omarkurt

**Name of the Vulnerable Software and Affected Versions** Gakido versions prior to 0.1.1 **Description** Gakido, a Python HTTP client designed for browser impersonation and anti-bot evasion, contains a flaw that allows for HTTP header injection. This occurs due to the lack of proper sanitization of user-supplied header values and names, specifically allowing Carriage Return Line Feed (CRLF) sequences (`r `, ` `, and `x00`) within these values. An attacker controlling header values passed to Gakido’s request methods, such as `Client.get()` and `Client.post()`, can inject arbitrary HTTP headers. This could lead to several potential consequences, including injecting malicious headers, manipulating responses in certain proxy configurations, cache poisoning, session fixation, and bypassing server-side security checks. The vulnerable code resides in the `gakido/headers.py` file within the `canonicalize headers()` function. **Recommendations** Versions prior to 0.1.1 should be updated to version 0.1.1 or later. This update includes the ` sanitize header()` function, which removes `r`, ` `, and `x00` characters from header names and values, preventing the injection of arbitrary HTTP headers.

**Name of the Vulnerable Software and Affected Versions** Mailpit versions prior to 1.28 **Description** Mailpit, an email testing tool and API for developers, has a header injection issue in its SMTP server. This is due to a flawed regular expression used to validate `RCPT TO` and `MAIL FROM` addresses, failing to exclude carriage return characters (`r`) and newline characters (` `) within a character class. An attacker can inject arbitrary SMTP headers or corrupt existing ones by including these characters in the email address. The insufficient filtering of control characters allows for the manipulation of SMTP headers. **Recommendations** Update to version 1.28 or later.

**Name of the Vulnerable Software and Affected Versions** Mailpit versions prior to 1.28.2 **Description** Mailpit, an email testing tool and API for developers, contains a Cross-Site WebSocket Hijacking (CSWSH) issue in its WebSocket server. The server, in versions prior to 1.28.2, does not validate the Origin header, allowing an attacker to establish a WebSocket connection to a developer’s Mailpit instance. This connection, established through a malicious website visited by a developer running Mailpit locally, enables the attacker to intercept sensitive data in real-time, including email contents, headers, and server statistics. The default WebSocket endpoint is `ws://localhost:8025`. **Recommendations** Update Mailpit to version 1.28.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mailpit versions 1.28.0 and below **Description** Mailpit is an email testing tool and API for developers. A Server-Side Request Forgery (SSRF) exists in the `/proxy` endpoint, allowing attackers to make requests to internal network resources. The `/proxy` endpoint validates http:// and https:// schemes but does not block internal IP addresses, enabling access to internal services and APIs. This is limited to HTTP GET requests with minimal headers. **Recommendations** Update Mailpit to version 1.28.1 or later.