git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
	Mon, 16 Mar 2026 13:43:43 +0000 (13:43 +0000)
committer	GitHub <noreply@github.com>
	Mon, 16 Mar 2026 13:43:43 +0000 (14:43 +0100)
commit	57e88c1cf95e1481b94ae57abe1010469d47a6b4
tree	0344e27e14e7586c00756b0984291b4c33440eda	tree \| snapshot
parent	77632f085d0cec29c7576b8528849276109801a1	commit \| diff

gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (#145600)

Reject control characters in `http.cookies.Morsel.update()` and `http.cookies.BaseCookie.js_output`.

Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <victor.stinner@gmail.com>

Lib/http/cookies.py		diff \| blob \| blame \| history
Lib/test/test_http_cookies.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2026-03-06-17-03-38.gh-issue-145599.kchwZV.rst	[new file with mode: 0644]	blob

Mirror of https://github.com/python/cpython.git

RSS Atom