← volver
CVE-2025-15282

Header injection via newlines in data URL mediatype

CVSS 6 MEDIUMEPSS 0.5%CWE-93
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N
Productos afectados
Python Software Foundation · CPython

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017ahttps://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9fhttps://github.com/python/cpython/issues/143925https://github.com/python/cpython/pull/143926https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/