Описание
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | needs-triage | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | released | 3.10.12-1~22.04.14 |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/jammy | released | 3.11.0~rc1-1~22.04.1~esm8 |
| jammy | needed | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | DNE | |
| noble | released | 3.12.3-1ubuntu0.11 |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.13.12-1 |
| jammy | DNE | |
| noble | DNE | |
| questing | released | 3.13.7-1ubuntu0.3 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.14.3-1 |
| jammy | DNE | |
| noble | DNE | |
| questing | released | 3.14.0-1ubuntu0.2 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | released | 3.4.3-1ubuntu1~14.04.7+esm19 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | released | 3.5.2-2ubuntu0~16.04.4~14.04.1+esm9 |
| esm-infra/xenial | released | 3.5.2-2ubuntu0~16.04.13+esm21 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | released | 3.6.9-1~18.04ubuntu1.13+esm8 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | released | 3.7.5-2ubuntu1~18.04.2+esm9 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | released | 3.8.0-3ubuntu1~18.04.2+esm9 |
| esm-infra/focal | released | 3.8.10-0ubuntu1~20.04.18+esm5 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | released | 3.9.5-3ubuntu0~20.04.1+esm9 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
Связанные уязвимости
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
When using http.cookies.Morsel, user-controlled cookie values and para ...
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
EPSS