Considering folks have been using spaces in their object names for quite some time, and I believe \r\n (I know I've seen \r and \n separately, don't remember if together) all of these would normally (meaning non-exploit) would've caused a bunch of 400 Bad Requests, I don't think this is an issue at all.
However, a actual working exploit would be wonderful with this and any security report -- especially if it would only take 10-15 minutes to do.
Considering folks have been using spaces in their object names for quite some time, and I believe \r\n (I know I've seen \r and \n separately, don't remember if together) all of these would normally (meaning non-exploit) would've caused a bunch of 400 Bad Requests, I don't think this is an issue at all.
However, a actual working exploit would be wonderful with this and any security report -- especially if it would only take 10-15 minutes to do.