cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

Astra Linux - уязвимость в python3.11, python3.7

User-controlled header names and values containing newlines can allow for the injection of HTTP headers...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to version 7.10.0 contained security vulnerabilities. These vulnerabilities stemmed from user-controlled HTTP headers, which could allow attackers to trigger DNS...

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

Linux Distros Unpatched Vulnerability : CVE-2026-0865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User-controlled header names and values containing newlines can allow injecting HTTP headers. CVE-2026-0865 Note that Nessus relies on the presence of the packa...

BIT-LIBPYTHON-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVE-2026-0865

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

UBUNTU-CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVE-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

PSF-2026-6

User-controlled header names and values containing newlines can allow injecting HTTP headers...

PT-2026-3670

Name of the Vulnerable Software and Affected Versions affected versions not specified Description User-controlled header names and values containing newlines can allow injecting HTTP headers. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

EUVD-2021-20266

Malware in sbrugna...

EUVD-2021-32008

Malicious code in bioql PyPI...

CVE-2021-33580

User controlled request.getHeader"Referer", request.getRequestURL and request.getQueryString are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...