-
-
Notifications
You must be signed in to change notification settings - Fork 34.4k
HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF #146211
Copy link
Copy link
Open
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.14bugs and security fixesbugs and security fixes3.15new features, bugs and security fixesnew features, bugs and security fixesstdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytype-securityA security issueA security issue
Description
Metadata
Metadata
Assignees
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.14bugs and security fixesbugs and security fixes3.15new features, bugs and security fixesnew features, bugs and security fixesstdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytype-securityA security issueA security issue
Bug report
Bug description:
HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF. Should sanitize the input of
.set_tunnel()to avoid header splitting.CPython versions tested on:
CPython main branch
Operating systems tested on:
Other, Linux
Linked PRs