[issue42987] HTTP header injection in urllib on windows

bfpiaoran added the comment: I encountered a problem with this project https://github.com/zhangfisher/DjangoUeditor, but it seems that it is no longer maintained :) -- ___ Python tracker __

[issue42987] HTTP header injection in urllib on windows

STINNER Victor added the comment: FYI I wrote https://github.com/vstinner/check_python_vuln tool to check known Python vulnerabilities. But I didn't write a check for all known vulnerabilities. Contributions are welcome ;-) -- ___ Python tracker

[issue42987] HTTP header injection in urllib on windows

bfpiaoran added the comment: ok i tried it, indeed -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https:

[issue42987] HTTP header injection in urllib on windows

STINNER Victor added the comment: > My python version is 3.7.2 Please upgrade, you version contains at least two fixed HTTP Header Injection vulnerabilities: https://python-security.readthedocs.io/vuln/http-header-injection-method.html https://python-security.readthedocs.io/vuln/urlopen-host

[issue42987] HTTP header injection in urllib on windows

Gregory P. Smith added the comment: Have you tried this on a more recent Python? works for me on 3.7.8 on macos. Python 3.7.8 (v3.7.8:4b47a5b6ba, Jun 27 2020, 04:47:50) [Clang 6.0 (clang-600.0.57)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> from urll

[issue42987] HTTP header injection in urllib on windows

New submission from bfpiaoran : Recently,(on windows) I discovered a security issue during a security review due to urllib.I checked the document and found that it has been fixed at https://bugs.python.org/issue22928.but My python version is 3.7.2 over the fix bug version .Then tried to find