PYSEC-2019-43

Published Jan 25, 2019 · Modified Mar 14, 2023

Description

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.

Ready to move

Free, no credit card | First findings in minutes