Morph MORPH
SIGN IN SIGN UP
python / cpython UNCLAIMED

The Python programming language

0 0 13 Python

gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (#145600)

Reject control characters in `http.cookies.Morsel.update()` and `http.cookies.BaseCookie.js_output`.

Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <victor.stinner@gmail.com>
S
Stan Ulbrych committed
57e88c1cf95e1481b94ae57abe1010469d47a6b4
Parent: 77632f0
Committed by GitHub <noreply@github.com> on 3/16/2026, 1:43:43 PM