CVE-2023-40547 - avoid incorrectly trusting HTTP headers · rhboot/shim@0226b56
CVE-2023-40547 - avoid incorrectly trusting HTTP headers
When retrieving files via HTTP or related protocols, shim attempts to
allocate a buffer to store the received data. Unfortunately, this means
getting the size from an HTTP header, which can be manipulated to
specify a size that's smaller than the received data. In this case, the
code accidentally uses the header for the allocation but the protocol
metadata to...
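The mismatch the commit message describes, a buffer sized from a declared length while the amount of data comes from elsewhere, is avoided by checking every received chunk against the allocated size before copying. This is an added example, not shim's code: `body_buf`, `body_init`, `body_append`, `demo_oversized_response` and the `max_len` limit are hypothetical names, and the sample chunks are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical receive buffer, sized from the length the peer declared. */
struct body_buf {
    uint8_t *data;
    size_t cap;  /* bytes allocated (from the untrusted header) */
    size_t used; /* bytes actually stored so far */
};

/* Allocate from the declared length, bounded by a caller-chosen limit. */
int body_init(struct body_buf *b, size_t declared_len, size_t max_len)
{
    b->data = NULL;
    b->cap = b->used = 0;
    if (declared_len == 0 || declared_len > max_len)
        return -1;
    b->data = malloc(declared_len);
    if (b->data == NULL)
        return -1;
    b->cap = declared_len;
    return 0;
}

/* Store one chunk; chunk_len is the size the transport reports. */
int body_append(struct body_buf *b, const uint8_t *chunk, size_t chunk_len)
{
    /* used <= cap always holds, so the subtraction cannot wrap. */
    if (chunk_len > b->cap - b->used)
        return -1; /* more data than declared: reject, copy nothing */
    memcpy(b->data + b->used, chunk, chunk_len);
    b->used += chunk_len;
    return 0;
}

/* Constructed case: header declares 8 bytes, transport delivers 5 then 6. */
int demo_oversized_response(void)
{
    struct body_buf b;
    const uint8_t c1[5] = {1, 2, 3, 4, 5}, c2[6] = {6, 7, 8, 9, 10, 11};
    if (body_init(&b, 8, 1024) != 0)
        return 0;
    int ok = body_append(&b, c1, sizeof c1) == 0 &&
             body_append(&b, c2, sizeof c2) == -1 && b.used == 5;
    free(b.data);
    return ok;
}

int main(void) { return demo_oversized_response() ? 0 : 1; }
```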