[issue36276] Python urllib CRLF injection vulnerability
Senthil Kumaran
report at bugs.python.org
Wed Mar 20 02:14:57 EDT 2019
Senthil Kumaran <senthil at uthcode.com> added the comment:
I am going to make a note that the Superseder
1) https://bugs.python.org/issue30458 - is listed only as pending request for 2.7 with the intention to raise an Exception.
However, this bug demonstrates a vulnerability in all versions of Python (including 3.8 as of March 2019).
There are additional related bug reports that deal with the same topic of parsing CRLF in headers / or in requests.
2) https://bugs.python.org/issue14826
3) https://bugs.python.org/issue13359
A consolidation of all of these is required, and at the end, our goal should be the close the loophole reported by this bug.
I am assigning this bug to myself to work on it, and my first task is make sure that the previous reports 1, 2 and 3 cover the scenario mentioned in this report. If they do not, I will reopen this ticket.
Thanks!
----------
assignee: -> orsenthil
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36276>
_______________________________________
More information about the Python-bugs-list
mailing list