Mailman 3 [CVE-2025-15282] Header injection via newlines in data URL mediatype - Security-announce - python.org

newer
[CVE-2025-15366] IMAP command...

[CVE-2025-15282] Header injection via newlines in data URL mediatype

older
Title: [CVE-2026-0865]...

Seth Larson

Jan. 20, 2026

9:35 p.m.

There is a MEDIUM severity vulnerability affecting CPython.

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

Please see the linked CVE ID for the latest information on affected versions:

Attachments:

attachment.html (text/html — 534 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

27

Age (days ago)

27

Last active (days ago)

Download

0 comments

1 participants

tags

participants (1)

Seth Larson