Reject control characters in more places in `http.cookies.Morsel` #145599

Closed

Assignees

Labels

stdlibtype-security

StanFromIreland

opened

Linked PRs

gh-145599: Reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output #145600
[3.14] gh-145599, CVE 2026-3644: Reject control characters in http.cookies.Morsel.update() (GH-145600) #146023
[3.13] gh-145599, CVE 2026-3644: Reject control characters in http.cookies.Morsel.update() (GH-145600) #146024
[3.12] gh-145599, CVE 2026-3644: Reject control characters in http.cookies.Morsel.update() (GH-145600) #146025
[3.11] gh-145599, CVE 2026-3644: Reject control characters in http.cookies.Morsel.update() (GH-145600) #146026
[3.10] gh-145599, CVE 2026-3644: Reject control characters in http.cookies.Morsel.update() (#145600) #146027

Metadata

Assignees

StanFromIreland

Labels

stdlibtype-security

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests