Nixpkgs security tracker
Untriaged
wsgiref.headers.Headers allows header newline injection
User-controlled header names and values containing newlines can allow injecting HTTP headers.
References
-
https://github.com/python/cpython/issues/143916 issue-tracking
-
https://github.com/python/cpython/issues/143916 issue-tracking
-
https://github.com/python/cpython/issues/143916 issue-tracking
-
https://github.com/python/cpython/issues/143916 issue-tracking
-
https://github.com/python/cpython/issues/143916 issue-tracking
Affected products
CPython
- <3.15.0a6
- <3.15.0
- <3.14.3
- <3.13.12
Package maintainers
-
@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>