STINNER Victor <vstin...@redhat.com> added the comment:
> According to the following message, urllib3 is also vulnerable to HTTP Header > Injection: (...) And the issue has been reported to urllib3: https://github.com/urllib3/urllib3/issues/1553 Copy of the first message: """ At https://bugs.python.org/issue36276 there's an issue in Python's urllib that an attacker controlling the request parameter can inject headers by injecting CR/LF chars. A commenter mentions that the same bug is present in urllib3: https://bugs.python.org/issue36276#msg337837 So reporting it here to make sure it gets attention. """ ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue30458> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
