[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)
STINNER Victor
report at bugs.python.org
Wed Apr 17 11:35:49 EDT 2019
STINNER Victor <vstinner at redhat.com> added the comment:
"wave Hi! I've noticed that CVE-2019-11236 has been assigned to the CRLF injection issue described here. It seems that the library has been patched in GitHub, but no new release has been made to pypi. (...)"
This urllib3 change:
https://github.com/urllib3/urllib3/commit/0aa3e24fcd75f1bb59ab159e9f8adb44055b2271
urllib3 now vendors a copy of the rfc3986 library:
https://pypi.org/project/rfc3986/
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue30458>
_______________________________________