Message338441
I am going to make a note that the Superseder
1) https://bugs.python.org/issue30458 - is listed only as pending request for 2.7 with the intention to raise an Exception.
However, this bug demonstrates a vulnerability in all versions of Python (including 3.8 as of March 2019).
There are additional related bug reports that deal with the same topic of parsing CRLF in headers / or in requests.
2) https://bugs.python.org/issue14826
3) https://bugs.python.org/issue13359
A consolidation of all of these is required, and at the end, our goal should be the close the loophole reported by this bug.
I am assigning this bug to myself to work on it, and my first task is make sure that the previous reports 1, 2 and 3 cover the scenario mentioned in this report. If they do not, I will reopen this ticket.
Thanks! |
|
Date |
User |
Action |
Args |
2019-03-20 06:14:57 | orsenthil | set | recipients:
+ orsenthil, brett.cannon, vstinner, martin.panter, xtreak, ragdoll.guo, alvinchang |
2019-03-20 06:14:57 | orsenthil | set | messageid: <1553062497.5.0.876613962109.issue36276@roundup.psfhosted.org> |
2019-03-20 06:14:57 | orsenthil | link | issue36276 messages |
2019-03-20 06:14:57 | orsenthil | create | |
|