Author orsenthil
Recipients alvinchang, brett.cannon, martin.panter, orsenthil, ragdoll.guo, vstinner, xtreak
Date 2019-03-20.06:14:57
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1553062497.5.0.876613962109.issue36276@roundup.psfhosted.org>
In-reply-to
Content
I am going to make a note that the Superseder

1) https://bugs.python.org/issue30458 - is listed only as pending request for 2.7 with the intention to raise an Exception.

However, this bug demonstrates a vulnerability in all versions of Python (including 3.8 as of March 2019).

There are additional related bug reports that deal with the same topic of parsing CRLF in headers / or in requests.

2) https://bugs.python.org/issue14826 
3) https://bugs.python.org/issue13359

A consolidation of all of these is required, and at the end, our goal should be the close the loophole reported by this bug.


I am assigning this bug to myself to work on it, and my first task is make sure that the previous reports 1, 2 and 3 cover the scenario mentioned in this report. If they do not, I will reopen this ticket.

Thanks!
History
Date User Action Args
2019-03-20 06:14:57orsenthilsetrecipients: + orsenthil, brett.cannon, vstinner, martin.panter, xtreak, ragdoll.guo, alvinchang
2019-03-20 06:14:57orsenthilsetmessageid: <1553062497.5.0.876613962109.issue36276@roundup.psfhosted.org>
2019-03-20 06:14:57orsenthillinkissue36276 messages
2019-03-20 06:14:57orsenthilcreate