[issue39603] [security] http.client: HTTP Header Injection in the HTTP method
Mauro Matteo Cascella
report at bugs.python.org
Mon Sep 28 03:05:14 EDT 2020
Mauro Matteo Cascella <mcascell at redhat.com> added the comment:
Hello,
CVE-2020-26116 has been requested/assigned for this flaw via MITRE form: https://cveform.mitre.org/
I suggest mentioning it in the related vulnerability page: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
Also note that httplib (python-2.7.18) seems to be affected too. Any particular reason for it not to be listed in the same vulnerability page?
Thank you,
----------
nosy: +mcascella
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39603>
_______________________________________
More information about the Python-bugs-list
mailing list