Morph MORPH
SIGN IN SIGN UP
python / cpython UNCLAIMED

The Python programming language

0 0 16 Python

[3.14] gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (GH-145600) (#146023)

gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (GH-145600)

Reject control characters in `http.cookies.Morsel.update()` and `http.cookies.BaseCookie.js_output`.
(cherry picked from commit 57e88c1cf95e1481b94ae57abe1010469d47a6b4)

Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <victor.stinner@gmail.com>
M
Miss Islington (bot) committed
62ceb396fcbe69da1ded3702de586f4072b590dd
Parent: 8bc3aa9
Committed by GitHub <noreply@github.com> on 3/16/2026, 2:13:19 PM