MEDIUM 6.1 PyPI
CRLF Injection in pypiserver
GHSA-mh24-7wvg-v88g · CVE-2019-6802 · PYSEC-2019-113
Description
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers, and possibly conduct XSS attacks, via a percent-encoded CRLF sequence (%0d%0a) in a URI.
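The following is an added illustration, not pypiserver's own code or its fix: a hypothetical redirect helper models the bug class the advisory describes (a decoded request URI copied into a response header) beside a hardened variant that rejects CR/LF, plus a log-review check for encoded CRLF in URIs. All function names and the sample path are constructed for the example.

```python
from __future__ import annotations
import re
from urllib.parse import unquote

# Constructed example: models the header-splitting class of bug from the
# advisory, not pypiserver's implementation. All names are hypothetical.
CRLF_RE = re.compile(r"[\r\n]")
ENCODED_CRLF_RE = re.compile(r"%0[dD]|%0[aA]")


def redirect_headers_unsafe(request_path: str) -> list[tuple[str, str]]:
    """Unsafe pattern (for contrast): decoded path copied into Location unchecked."""
    return [("Location", unquote(request_path) + "/")]


def redirect_headers_hardened(request_path: str) -> list[tuple[str, str]]:
    """Hardened variant: refuse any CR or LF in the header value instead of emitting it."""
    target = unquote(request_path) + "/"
    if CRLF_RE.search(target):
        raise ValueError("CR/LF in redirect target rejected")
    return [("Location", target)]


def serialize_headers(headers: list[tuple[str, str]]) -> bytes:
    """Naive wire encoding, as a server without header validation would emit it."""
    return b"".join(f"{k}: {v}\r\n".encode("latin-1") for k, v in headers) + b"\r\n"


def header_lines(raw: bytes) -> list[bytes]:
    """Split a header block back into lines; extra lines reveal a split header."""
    body = raw.rstrip(b"\r\n")
    return body.split(b"\r\n") if body else []


def uri_has_crlf(uri: str) -> bool:
    """Log-review check: flag raw or percent-encoded CR/LF in a request URI."""
    return bool(CRLF_RE.search(uri) or ENCODED_CRLF_RE.search(uri))


# Constructed request path carrying an encoded CRLF, as in the advisory text.
CONSTRUCTED_PATH = "/simple%0d%0aX-Injected:%20yes"

if __name__ == "__main__":
    unsafe = header_lines(serialize_headers(redirect_headers_unsafe(CONSTRUCTED_PATH)))
    print(len(unsafe), "header lines from the unsafe handler:", unsafe)
    try:
        redirect_headers_hardened(CONSTRUCTED_PATH)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("flag in access logs:", uri_has_crlf(CONSTRUCTED_PATH))
```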
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-6802
- WEB https://github.com/pypiserver/pypiserver/issues/237
- WEB https://github.com/pypiserver/pypiserver/commit/1375a67c55a9b8d4619df30d2a1c0b239d7357e6
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/pypiserver/PYSEC-2019-113.yaml
- PACKAGE https://github.com/pypiserver/pypiserver