[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection

Change by Ashwin Ramaswami : -- keywords: +patch pull_requests: +15024 stage: -> patch review pull_request: https://github.com/python/cpython/pull/15299 ___ Python tracker ___

[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection

Change by Ashwin Ramaswami : -- versions: +Python 2.7 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https:/

[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection

Change by Ashwin Ramaswami : -- nosy: +epicfaace versions: +Python 3.9 -Python 2.7 ___ Python tracker ___ ___ Python-bugs-list maili

[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection

Change by Terry J. Reedy : -- versions: -Python 3.3 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://

[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection

Martin Panter added the comment: Issue 11671 is closely related and has a patch proposing to ban control characters including CRLF (but not spaces). Also see Issue 22928 which added header field validation to the HTTP client module. -- dependencies: +Security hole in wsgiref.headers.

[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection

New submission from RAUSHAN RAJ: https://www.owasp.org/index.php/CRLF_Injection Issue is in wsgiref.headers – WSGI response header tools This module provides a single class, Headers, for convenient manipulation of WSGI response headers using a mapping-like interface. class wsgiref.headers.Head

[issue28778] wsgiref HTTP Response Header Injection: CRLF Injection

Changes by RAUSHAN RAJ : -- components: Library (Lib) nosy: RAUSHAN RAJ priority: normal severity: normal status: open title: wsgiref HTTP Response Header Injection: CRLF Injection type: security versions: Python 2.7, Python 3.3, Python 3.4, Python 3.5 __