Message 201884 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	hhm
Recipients	hhm
Date	2013-11-01.09:13:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1383297220.57.0.645523530796.issue19470@psf.upfronthosting.co.za>
In-reply-to

Content
An email.header.Header object should not allow two consecutive newlines, since this terminates interpretation of headers and starts the body section. This can be exploited by an attacker in a case of user input being used in headers, and validated with the Header object, by stopping interpretation of any further headers, which become interpreted by an user (or other) agent. This in turn can be used to modify the behavior of emails, web pages, and the like, where such code is present.

An email.header.Header object should not allow two consecutive newlines, since this terminates interpretation of headers and starts the body section. This can be exploited by an attacker in a case of user input being used in headers, and validated with the Header object, by stopping interpretation of any further headers, which become interpreted by an user (or other) agent. This in turn can be used to modify the behavior of emails, web pages, and the like, where such code is present.

History
Date	User	Action	Args
2013-11-01 09:13:40	hhm	set	recipients: + hhm
2013-11-01 09:13:40	hhm	set	messageid: <1383297220.57.0.645523530796.issue19470@psf.upfronthosting.co.za>
2013-11-01 09:13:40	hhm	link	issue19470 messages
2013-11-01 09:13:40	hhm	create