CVE-2026-0672

Published: 20 Jan 2026
Source: debian
EPSS: Low

Description

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

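Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| python3.14 | fixed | 3.14.3-1 | | package |
| python3.13 | fixed | 3.13.12-1 | | package |
| python3.13 | no-dsa | | trixie | package |
| python3.11 | removed | | | package |
| python3.11 | no-dsa | | bookworm | package |
| python3.9 | removed | | | package |
| pypy3 | unfixed | | | package |
| pypy3 | no-dsa | | trixie | package |
| pypy3 | no-dsa | | bookworm | package |
| pypy3 | postponed | | bullseye | package |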

Notes

  • https://github.com/python/cpython/pull/143920

  • https://github.com/python/cpython/issues/143919

  • https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/

  • https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70

  • https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440 (v3.14.3)

  • https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca (v3.13.12)

  • https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85 (v3.11.15)

  • https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d (v3.10.20)

  • The CVE requires a followup as/relates to CVE-2026-3644

EPSS

Percentile: 37%
0.00158
Low

Related vulnerabilities

ubuntu
2 months ago

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

CVSS3: 4.8
redhat
2 months ago

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

nvd
2 months ago

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

github
2 months ago

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

suse-cvrf
about 1 month ago

Security update for python
