PYSEC-2019-43
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pypiserver/PYSEC-2019-43.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2019-43
- Withdrawn
- 2023-03-14T07:01:09.349013Z
- Published
- 2019-01-25T04:29:00Z
- Modified
- 2023-03-14T07:01:09.349013Z
- Summary
- [none]
- Details
-
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
- References
Affected packages
PyPI / pypiserver
Package
- Name
- pypiserver
- View open source insights on deps.dev
- Purl
- pkg:pypi/pypiserver
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.6
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.2.0
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7-rc.1
1.1.7
1.1.8b0
1.1.8b1
1.1.8
1.1.9.dev0
1.1.9.dev1
1.1.9.dev2
1.1.9
1.1.10
1.2.0.dev1
1.2.0b1
1.2.0
1.2.1.dev0
1.2.1rc0
1.2.1
1.2.2.dev0
1.2.2
1.2.3
1.2.4
1.2.5