This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
| Author | vstinner |
|---|---|
| Recipients | gregory.p.smith, martin.panter, orange, serhiy.storchaka, vstinner, ware, xiang.zhang, xtreak |
| Date | 2019年04月10日.12:35:01 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1554899701.99.0.904215209359.issue30458@roundup.psfhosted.org> |
| In-reply-to |
| Content | |
|---|---|
> According to the following message, urllib3 is also vulnerable to HTTP Header Injection: (...) And the issue has been reported to urllib3: https://github.com/urllib3/urllib3/issues/1553 Copy of the first message: """ At https://bugs.python.org/issue36276 there's an issue in Python's urllib that an attacker controlling the request parameter can inject headers by injecting CR/LF chars. A commenter mentions that the same bug is present in urllib3: https://bugs.python.org/issue36276#msg337837 So reporting it here to make sure it gets attention. """ |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2019年04月10日 12:35:02 | vstinner | set | recipients: + vstinner, gregory.p.smith, martin.panter, serhiy.storchaka, xiang.zhang, orange, xtreak, ware |
| 2019年04月10日 12:35:01 | vstinner | set | messageid: <1554899701.99.0.904215209359.issue30458@roundup.psfhosted.org> |
| 2019年04月10日 12:35:01 | vstinner | link | issue30458 messages |
| 2019年04月10日 12:35:01 | vstinner | create | |