This PR is in relation to this article describing a security vulnerability in Vault.
We have similar code, so I checked it through and found that we're actually not vulnerable to the same issue because we have been checking the Action header all along. Just in case, though, I decided to tighten up checking what's in the response we get from AWS to make sure it doesn't have an unexpected content-type header. Also, just in case there's some other header that we don't know about that could be used to slip in JSON, I added a check to make sure the body doesn't look like it could contain JSON.
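An added example (not code from this PR or the project) of the two response checks described above: an allowlisted content type and a body that must not look like JSON. It assumes the AWS response is an STS `GetCallerIdentity` XML document; `validate_identity_response`, `looks_like_json`, the allowlist and the sample identity values are all hypothetical.

```python
import json
import xml.etree.ElementTree as ET

ALLOWED_TYPES = {"text/xml", "application/xml"}  # assumption: XML-only allowlist
NS = "{https://sts.amazonaws.com/doc/2011-06-15/}"
# Constructed sample response; the identity values are made up.
SAMPLE_XML = (
    b'<GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">'
    b"<GetCallerIdentityResult><Arn>arn:aws:iam::123456789012:role/example</Arn>"
    b"<UserId>AROAEXAMPLEID:i-0example</UserId><Account>123456789012</Account>"
    b"</GetCallerIdentityResult></GetCallerIdentityResponse>"
)


def looks_like_json(body: bytes) -> bool:
    """True if the body opens like a JSON object/array or parses as JSON."""
    text = body.decode("utf-8", errors="replace").lstrip("\ufeff \t\r\n")
    if text[:1] in ("{", "["):
        return True
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


def validate_identity_response(headers: dict, body: bytes) -> dict:
    """Return the caller identity fields, or raise ValueError."""
    ctypes = [v for k, v in headers.items() if k.lower() == "content-type"]
    if len(ctypes) != 1:
        raise ValueError("expected exactly one Content-Type header")
    media_type = ctypes[0].split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED_TYPES:
        raise ValueError(f"unexpected content type {media_type!r}")
    if looks_like_json(body):
        raise ValueError("body looks like JSON")
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD and entity declarations are not accepted")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError("body is not well-formed XML") from exc
    result = root.find(NS + "GetCallerIdentityResult")
    if root.tag != NS + "GetCallerIdentityResponse" or result is None:
        raise ValueError("not a GetCallerIdentity response")
    identity = {f: result.findtext(NS + f) for f in ("Arn", "UserId", "Account")}
    if not all(identity.values()):
        raise ValueError("identity fields missing")
    return identity
```

The JSON check runs even when the content type passes, so a body that would satisfy a lenient JSON decoder is rejected regardless of which header caused it to be returned.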