Closed thomas-fossati closed 1 week ago
ISTM that no new surface for cross-protocol attacks has been introduced by these types.
Changing "application/eat+cwt; eat_profile=1.2.3"
into "application/eat+cwt; eat_profile=3.2.1"
is not different from changing "application/foo"
into "application/bar"
.
In his Secdir review, @timfromdigicert notes: