From db533c891ea331fab2e2df17819f9528f8f80925 Mon Sep 17 00:00:00 2001
From: Austin Songer <austinvernsonger@protonmail.com>
Date: Tue, 21 Jan 2020 22:03:20 +0000
Subject: [PATCH] ANSWERED: Explain HTTP Header Injection.

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 15cce20..53820e5 100644
--- a/README.md
+++ b/README.md
@@ -5427,6 +5427,9 @@ You can use OWASP ZAP to analyze a "request", and if it appears that there no pr
 
 <details>
 <summary>Explain HTTP Header Injection vulnerability</summary><br><b>
+
+HTTP Header Injection vulnerabilities occur when user input is insecurely included within server responses headers. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.
+
 </b></details>
 
 <details>