Closed
Description
At https://bugs.python.org/issue36276 there's an issue in Python's urllib that an attacker controlling the request parameter can inject headers by injecting CR/LF chars.
A commenter mentions that the same bug is present in urllib3:
https://bugs.python.org/issue36276#msg337837
So reporting it here to make sure it gets attention.
Metadata
Metadata
Assignees
Labels
No labels