CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
CPE | Name | Operator | Version |
---|---|---|---|
pypiserver | eq | 1.1.8b1 | |
pypiserver | eq | 1.2.2.dev0 | |
pypiserver | eq | 0.1.3 | |
pypiserver | eq | 1.1.7 | |
pypiserver | eq | 1.1.9.dev2 | |
pypiserver | eq | 1.2.1 | |
pypiserver | eq | 1.2.3 | |
pypiserver | eq | 0.1.1 | |
pypiserver | eq | 0.1.2 | |
pypiserver | eq | 0.1.0 |