GHSA-7WC8-WVC4-M498 Microdot has HTTP response splitting in Response.set_cookie()
Impact The Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection attack through this issue to be possible, an attacker must...