8 matches found
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...
SUSE SLES15 Security Update : python311 (SUSE-SU-2026:0693-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0693-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters...
SUSE SLED15: libpython3_13-1_0 / python313 / python313-base / python313-curses / etc (SUSE-SU-2026:0642-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0642-1 advisory. Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and...
SUSE SLES15 / openSUSE 15 Security Update : python39 (SUSE-SU-2026:0643-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0643-1 advisory. - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively...
Medium: python3.13
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
CVE-2026-0865
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
Astra Linux – Vulnerability in Python 3.11
There is a medium-severity vulnerability affecting CPython. The email module does not properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized...
USN-5047-1 firefox vulnerability
It was discovered that Firefox could be made to incorrectly accept newlines in HTTP/3 response headers. If a user were tricked into opening a specially crafted website, an attacker could exploit this to conduct header splitting attacks...