[issue38576] CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()
Gregory P. Smith
report at bugs.python.org
Sat Mar 14 14:56:15 EDT 2020
Gregory P. Smith <greg at krypto.org> added the comment:
New changeset 9165addc22d05e776a54319a8531ebd0b2fe01ef by Ashwin Ramaswami in branch 'master':
bpo-38576: Disallow control characters in hostnames in http.client (GH-18995)
https://github.com/python/cpython/commit/9165addc22d05e776a54319a8531ebd0b2fe01ef
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38576>
_______________________________________
More information about the Python-bugs-list
mailing list