CRLF Injection in pypiserver
Moderate severity
GitHub Reviewed
Published
Jan 30, 2019
to the GitHub Advisory Database
•
Updated Oct 15, 2024
Description
Published by the National Vulnerability Database
Jan 25, 2019
Published to the GitHub Advisory Database
Jan 30, 2019
Reviewed
Jun 16, 2020
Last updated
Oct 15, 2024
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a
%0d%0a
in a URI.References