This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients christian.heimes, corona10, ecbftw, giampaolo.rodola, martin.panter, serhiy.storchaka, supl, vstinner
Date 2017-07-21.11:54:09
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1500638049.88.0.267548899955.issue29606@psf.upfronthosting.co.za>
In-reply-to
Content
> What is wrong with an URL containing '\n'?

For the attack, see http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

Honestly, I don't understand well the bug :) But it doesn't seem correct to me to have a newline in a hostname.
History
Date User Action Args
2017-07-21 11:54:09vstinnersetrecipients: + vstinner, giampaolo.rodola, christian.heimes, martin.panter, serhiy.storchaka, ecbftw, supl, corona10
2017-07-21 11:54:09vstinnersetmessageid: <1500638049.88.0.267548899955.issue29606@psf.upfronthosting.co.za>
2017-07-21 11:54:09vstinnerlinkissue29606 messages
2017-07-21 11:54:09vstinnercreate