[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection
Martin Panter
report at bugs.python.org
Sat Nov 25 16:34:11 EST 2017
Martin Panter <vadmium+py at gmail.com> added the comment:
Issue 11671 is closely related and has a patch proposing to ban control characters including CRLF (but not spaces).
Also see Issue 22928 which added header field validation to the HTTP client module.
----------
dependencies: +Security hole in wsgiref.headers.Headers
nosy: +martin.panter
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue28778>
_______________________________________
More information about the Python-bugs-list
mailing list