Senthil Kumaran <sent...@uthcode.com> added the comment:
I am going to make a note that the Superseder 1) https://bugs.python.org/issue30458 - is listed only as pending request for 2.7 with the intention to raise an Exception. However, this bug demonstrates a vulnerability in all versions of Python (including 3.8 as of March 2019). There are additional related bug reports that deal with the same topic of parsing CRLF in headers / or in requests. 2) https://bugs.python.org/issue14826 3) https://bugs.python.org/issue13359 A consolidation of all of these is required, and at the end, our goal should be the close the loophole reported by this bug. I am assigning this bug to myself to work on it, and my first task is make sure that the previous reports 1, 2 and 3 cover the scenario mentioned in this report. If they do not, I will reopen this ticket. Thanks! ---------- assignee: -> orsenthil _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue36276> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
