bpo-35906: Fix CRLF injection in urllib by push0ebp · Pull Request #12524 · python/cpython
Disallowing line break in URL parser.
Although I reported this security issue a few months ago, it has not been fixed.
Please patch this vulnerability.
push0ebp changed the title from "bpo-35906: Fix CRLF injection in urllib" to "[3.7] bpo-35906: Fix CRLF injection in urllib (GH-12524)"
push0ebp changed the title from "[3.7] bpo-35906: Fix CRLF injection in urllib (GH-12524)" to "bpo-35906: Fix CRLF injection in urllib"
Is this the accepted resolution of CVE-2019-9947? If so, what is blocking the merging of this PR?
They have not accepted it yet. I guess that they seem to be interested in this vulnerability. Although I sent a report to Python security a few weeks ago, they haven't replied.
Thank you for the patch. Based on the last message on this ticket, this is fixed in bpo-30458, so I'm closing this pull request. Please add a comment to bpo-30458 if you believe this needs further discussion. Thanks!