[New-bugs-announce] [issue11671] Potential misuse of wsgiref.headers.Headers
report at bugs.python.org
Fri Mar 25 13:14:58 CET 2011
New submission from Felix Gröbert <groebert at google.com>:
As noted in security at python.org's response, I'm filing this bug here.
In wsgiref.headers.Headers it is possible to include headers which
contain a newline (i.e. \n or \r) either through add_header or
__init__. It is not uncommon that developers provide web applications
to the public in which the HTTP response headers are not filtered for
newlines but are controlled by the user. In such scenarios a malicious
user can use a newline to inject another header or even initiate an
HTTP response body. The impact would be at least equivalent to XSS.
Therefore, I suggest filtering, warning about, or raising an exception for header tuples which contain
the above characters upon assignment in wsgiref.headers.
components: Library (Lib)
title: Potential misuse of wsgiref.headers.Headers
versions: Python 3.3
Python tracker <report at bugs.python.org>
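Added example (not code from the report or from wsgiref itself) showing the header injection the report describes and one way an application can guard against it. It builds a response with wsgiref.headers.Headers from a constructed attacker-controlled value containing CR/LF, serializes it with str(), and shows that a client would see a second, injected header and an early end of the header block followed by a body. The hardened wrapper, safe_add_header, is hypothetical application-side code that rejects CR or LF in a header name or value before it reaches Headers.

```python
import re
from wsgiref.headers import Headers

# Constructed attacker-controlled input, e.g. a "next" URL taken straight
# from the query string and echoed into a Location header.
TAINTED_LOCATION = (
    "/home\r\n"
    "Set-Cookie: session=attacker\r\n"   # injected second header
    "\r\n"                               # blank line: ends the header block
    "<script>alert(1)</script>"          # everything after it is body
)


def build_response_headers(location):
    """Vulnerable: forwards a user-controlled value into Headers unchecked.

    wsgiref.headers.Headers performs no CR/LF validation, so str() emits the
    injected lines verbatim, ready for direct HTTP transmission.
    """
    h = Headers([("Content-Type", "text/html")])
    h.add_header("Location", location)
    return str(h)


def wire_lines(serialized):
    """Split a serialized header block the way an HTTP client parses it."""
    return serialized.split("\r\n")


# Hypothetical hardening wrapper (not part of wsgiref): refuse any name or
# value carrying a carriage return or line feed, which are the characters
# that let a value terminate the current header line.
_CRLF = re.compile(r"[\r\n]")


def safe_add_header(headers, name, value):
    if _CRLF.search(name) or _CRLF.search(value):
        raise ValueError("CR/LF not allowed in header %r: %r" % (name, value))
    headers.add_header(name, value)


def build_response_headers_safe(location):
    """Hardened variant: same output for clean input, ValueError for CR/LF."""
    h = Headers([("Content-Type", "text/html")])
    safe_add_header(h, "Location", location)
    return str(h)


if __name__ == "__main__":
    lines = wire_lines(build_response_headers(TAINTED_LOCATION))
    print("client-visible header lines:", lines[:3])
    print("header block ended early, body starts:", lines[lines.index("") + 1])
    try:
        build_response_headers_safe(TAINTED_LOCATION)
    except ValueError as exc:
        print("hardened wrapper rejected it:", exc)
```

The check belongs on the application side for as long as the library accepts such values; rejecting (rather than silently stripping) makes the tainted input visible in logs instead of turning it into a slightly different redirect.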