Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2026-0672 - CERT CVE
CVE-2026-0672
ID
CVE-2026-0672
Sažetak
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Reference
https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172
https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440
https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d
https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca
https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70
https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85
https://github.com/python/cpython/issues/143919
https://github.com/python/cpython/pull/143920
https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/
CVSS
Base:
0.0
Impact:
None
Exploitability:
None
Pristup
Vektor
Složenost
Autentikacija
None
None
None
Impact
Povjerljivost
Cjelovitost
Dostupnost
None
None
None
CVSS vektor
None
Zadnje važnije ažuriranje
26-01-2026 - 15:16
Objavljeno
20-01-2026 - 22:15
