CVE-2019-6802
CVE-2019-6802 affects pypiserver up to version 1.2.5, where an attacker can inject carriage return/line feed via a URI (%0d%0a) to set arbitrary HTTP headers and potentially trigger XSS. The root cause is CRLF injection in how certain inputs are handled, enabling header manipulation and possible ...
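A defender-side check for the pattern described above, added here as an example (it is not pypiserver's code or its fix): it flags access-log request targets that percent-decode to CR or LF, including double-encoded forms, and rejects header values that would split a header line. The combined-log-style format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# A raw CR or LF after decoding means the request target carried a line break.
_CRLF = re.compile(r"[\r\n]")
# Request line inside a combined-log-style entry (assumed log format).
_REQ = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %250d%250a is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_crlf(request_target):
    """True if the request target decodes to something containing CR or LF."""
    return bool(_CRLF.search(decode_fully(request_target)))

def safe_header_value(value):
    """Reject (rather than silently strip) a value that would split a header."""
    if _CRLF.search(value):
        raise ValueError("CR/LF in header value")
    return value

def flag_log_lines(lines):
    """Return (line_number, request_target) for entries whose target has CR/LF."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _REQ.search(line)
        if m and has_crlf(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2019:10:00:00 +0000] "GET /simple/requests/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Feb/2019:10:00:05 +0000] "GET /%0d%0aX-Test:%20injected HTTP/1.1" 200 0',
    '192.0.2.12 - - [01/Feb/2019:10:00:09 +0000] "GET /%250D%250AX-Test:%20injected HTTP/1.1" 200 0',
    '192.0.2.13 - - [01/Feb/2019:10:00:12 +0000] "GET /packages/foo-1.0%2Btag.tar.gz HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, target in flag_log_lines(SAMPLE_LOG):
        print(f"line {n}: CR/LF in request target {target!r}")
```

Rejecting the value outright, instead of stripping the characters, keeps a malformed request from being turned into a different but still attacker-shaped header.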