[issue38576] CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()
Justin Capella
report at bugs.python.org
Wed Nov 20 08:52:37 EST 2019
Justin Capella <justincapella at gmail.com> added the comment:
Can't see the specifics of that "restricted" redhat bug, but this was interesting bug and I wanted to ask if perhaps the domain in such cases should be IDN / punycoded ://xn--n28h.ws/ for example is ://💩.la
----------
nosy: +b1tninja
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38576>
_______________________________________
More information about the Python-bugs-list
mailing list