Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-0865

created 4 months ago Activity log

Created suggestion 4 months ago

wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers.

References

Affected products

CPython

<3.13.12
<3.15.0
<3.15.0a6
<3.14.3

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>