From: James D. <re...@bu...> - 2017-02-22 12:15:06
New submission from James Duffy:

The following vulnerability was identified in Python 2.7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

I see the latest jar of Jython doesn't include the fix for this. Is this going to be patched any time?

Thanks!

----------
components: Library
messages: 11111
nosy: jduffy3
severity: normal
status: open
title: CVE-2016-5699
type: security
versions: Jython 2.7

_______________________________________
Jython tracker <re...@bu...>
<http://bugs.jython.org/issue2555>
_______________________________________
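
One way to check whether a given runtime's `HTTPConnection.putheader` refuses CR/LF, plus a caller-side guard for runtimes that do not. This is an added example, not part of the original report or of Jython's code. The names `putheader_rejects_crlf`, `safe_header` and `PROBE_VALUE` are hypothetical, and the probe header value is constructed.

```python
"""Offline check: does this runtime's HTTP client refuse CR/LF in headers?"""
import re

try:
    from http.client import HTTPConnection   # Python 3
except ImportError:
    from httplib import HTTPConnection        # Python 2.7 / Jython 2.7

# Constructed probe value: a line break followed by a second header line.
PROBE_VALUE = "value\r\nX-Probe-Injected: 1"

# Hypothetical caller-side guard for runtimes without the fix. It refuses
# any CR or LF at all, including folded continuation lines.
_CR_OR_LF = re.compile(r"[\r\n]")


def putheader_rejects_crlf(name="X-Probe", value=PROBE_VALUE):
    """Return True if HTTPConnection.putheader raises ValueError for the pair.

    putrequest()/putheader() only append to an in-memory buffer; nothing is
    connected or sent because endheaders() is never called.
    """
    conn = HTTPConnection("example.invalid")
    conn.putrequest("GET", "/")
    try:
        conn.putheader(name, value)
    except ValueError:
        return True
    return False


def safe_header(name, value):
    """Validate a header pair before handing it to an unpatched client."""
    if not name or ":" in name or _CR_OR_LF.search(name):
        raise ValueError("illegal header name: %r" % (name,))
    if _CR_OR_LF.search(value):
        raise ValueError("CR/LF in header value: %r" % (value,))
    return name, value


if __name__ == "__main__":
    print("putheader rejects CRLF: %s" % putheader_rejects_crlf())
```

A result of `False` from `putheader_rejects_crlf()` means the runtime buffers the header unchanged, so header names and values built from untrusted input should pass through a guard such as `safe_header` first.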