New submission from hhm: An email.header.Header object should not allow two consecutive newlines, since this terminates interpretation of headers and starts the body section. This can be exploited by an attacker in a case of user input being used in headers, and validated with the Header object, by stopping interpretation of any further headers, which become interpreted by an user (or other) agent. This in turn can be used to modify the behavior of emails, web pages, and the like, where such code is present.
---------- components: Library (Lib) messages: 201884 nosy: hhm priority: normal severity: normal status: open title: email.header.Header - should not allow two newlines in a row type: security versions: Python 2.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue19470> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
