CVE-2019-6802: CRLF Injection in pypiserver
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
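The header-injection pattern the advisory describes, shown beside a hardened redirect builder and a log-side detection check. This is an added, constructed example, not pypiserver's code or its fix; the request paths, the header name and the function names are assumptions.

```python
import re
from urllib.parse import quote, unquote

# Constructed request targets (not taken from the advisory): a normal index
# path and one carrying a percent-encoded CRLF, the class CVE-2019-6802 covers.
NORMAL_PATH = "/simple/requests"
CRLF_PATH = "/simple/requests%0d%0aX-Injected:%20yes"


def naive_location(path: str) -> str:
    """Vulnerable pattern: percent-decode the request path and splice it
    straight into a Location header. A %0d%0a in the URI becomes a literal
    CRLF, which terminates the header and starts a new, attacker-chosen one."""
    return "Location: " + unquote(path) + "/"


def safe_location(path: str) -> str:
    """Hardened pattern: decode, refuse any ASCII control character, then
    re-encode so the emitted header value can never contain CR or LF."""
    decoded = unquote(path)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        raise ValueError("control character in redirect target")
    return "Location: " + quote(decoded, safe="/") + "/"


def is_rejected(path: str) -> bool:
    """True when the hardened builder refuses the path."""
    try:
        safe_location(path)
    except ValueError:
        return True
    return False


def header_lines(raw: str) -> list:
    """Split a header block on CRLF, the way an HTTP client parses it; a
    length greater than one means the value was split into extra headers."""
    return raw.split("\r\n")


def has_encoded_crlf(request_target: str) -> bool:
    """Detection helper for access logs: flags a request target that carries a
    percent-encoded CR or LF in either letter case, e.g. %0d%0a or %0D%0A."""
    return re.search(r"%0[dD]|%0[aA]", request_target) is not None


if __name__ == "__main__":
    print(header_lines(naive_location(CRLF_PATH)))   # two lines: header split
    print(is_rejected(CRLF_PATH), has_encoded_crlf(CRLF_PATH))  # True True
```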
References
- github.com/advisories/GHSA-mh24-7wvg-v88g
- github.com/pypa/advisory-database/tree/main/vulns/pypiserver/PYSEC-2019-113.yaml
- github.com/pypiserver/pypiserver
- github.com/pypiserver/pypiserver/commit/1375a67c55a9b8d4619df30d2a1c0b239d7357e6
- github.com/pypiserver/pypiserver/issues/237
- nvd.nist.gov/vuln/detail/CVE-2019-6802