
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. • https://github.com/pypiserver/pypiserver/issues/237 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')