2 matches found
CVE-2019-6802
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...
CVE-2019-6802
CVE-2019-6802 affects pypiserver up to version 1.2.5, where an attacker can inject carriage return/line feed via a URI (%0d%0a) to set arbitrary HTTP headers and potentially trigger XSS. The root cause is CRLF injection in how certain inputs are handled, enabling header manipulation and possible ...