Описание
User-controlled header names and values containing newlines can allow injecting HTTP headers.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.14 | fixed | 3.14.3-1 | package | |
| python3.13 | fixed | 3.13.12-1 | package | |
| python3.13 | no-dsa | trixie | package | |
| python3.11 | removed | package | ||
| python3.11 | no-dsa | bookworm | package | |
| python3.9 | removed | package | ||
| python2.7 | removed | package | ||
| python2.7 | end-of-life | bullseye | package | |
| pypy3 | unfixed | package | ||
| pypy3 | no-dsa | trixie | package | |
| pypy3 | no-dsa | bookworm | package | |
| pypy3 | postponed | bullseye | package | |
| jython | unfixed | package | ||
| jython | no-dsa | trixie | package | |
| jython | no-dsa | bookworm | package | |
| jython | end-of-life | bullseye | package |
Примечания
https://github.com/python/cpython/pull/143917
https://github.com/python/cpython/issues/143916
https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/
https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211 (main)
https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510 (3.14-branch)
https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58 (3.13-branch)
https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5 (3.12-branch)
https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995 (3.11-branch)
https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2 (3.10-branch)
Связанные уязвимости
User-controlled header names and values containing newlines can allow injecting HTTP headers.
User-controlled header names and values containing newlines can allow injecting HTTP headers.
User-controlled header names and values containing newlines can allow injecting HTTP headers.
