CNNVD-202601-3167 Information

CNNVD ID

CNNVD-202601-3167

Related CVE

CVE-2025-15282

• CNNVD Published: 2026-01-20

Description (Chinese)

CPython是Python基金会的一个用C语言实现的Python解释器。 CPython存在安全漏洞，该漏洞源于解析用户控制的数据URL时允许通过换行符注入标头。

Description (English)

CPython is a Python interpreter for the Python Foundation in the C language. There is a security loophole in CPython, which results from allowing the header to be injected through line breaks when the user-controlled URL is decrypted.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Python

Published

2026-01-20

Last Modified

2026-02-24

References

https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f https://github.com/python/cpython/issues/143925 https://github.com/python/cpython/pull/143926 https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/

Patch

https://github.com/python/cpython/tags