3 matches found
BIT-LIBPYTHON-2026-0672 Header injection in http.cookies.Morsel
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
CVE-2026-0672
CVE-2026-0672 concerns Python’s handling of cookie/header parsing (notably http.cookies.Morsel) where user-controlled cookie values and parameters could inject HTTP headers. Connected advisories confirm related fixes across Python builds and distributions (Ubuntu USN-8018-1; Debian DLA-4455; Chai...
CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...