CRLF injection vulnerability in CPython's http.server and wsgiref send_header() allows injecting arbitrary HTTP headers including Set-Cookie and Location when user input is reflected in headers.
CRLF injection vulnerability in CPython's http.server and wsgiref send_header() allows injecting arbitrary HTTP headers including Set-Cookie and Location when user input is reflected in headers.
No comments yet. Log in to reply on the Fediverse. Comments will appear here.