Python wsgiref Header Injection Vulnerability via Control Characters
Vulnerability
A vulnerability exists in the Python standard library module wsgiref, specifically within the wsgiref.headers.Headers class. User-controlled header names and values that include newlines can be used to inject additional HTTP headers. This issue has been addressed in Python versions 3.10, 3.11, 3.12, 3.13, and 3.14.
Impact
Exploitation of this vulnerability allows for HTTP header injection, which can lead to various attacks such as cross-site scripting or email header injection.
Reproduction
To reproduce this vulnerability, create an instance of the wsgiref.headers.Headers class and add a header through the __setitem__ method or the add_header method, including a C0 control character such as a newline in the header name or value. Patched versions of the Headers class raise a ValueError when a control character is detected; this validation was absent before the fix, so the control character passed through into the serialized headers.
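The following is an added example, not code from the page or from CPython itself. It wraps wsgiref.headers.Headers with the check that the fix adds, so that an application running on an unpatched interpreter still refuses header names and values carrying control characters, and it includes a probe that tells you whether the interpreter you are running already rejects them. The assumption (the page only says "C0 control character, such as a newline") is that the rejected set is the full C0 range 0x00 to 0x1F plus DEL (0x7F); the function names, the probe header X-Probe and the sample values are constructed for this example.

```python
import re
from wsgiref.headers import Headers

# Assumption: C0 control characters (0x00-0x1F) plus DEL (0x7F). CR and LF are
# the characters that terminate a header line, which is what makes injection
# possible; rejecting the whole range matches the page's description of the fix.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def contains_control_chars(text: str) -> bool:
    """Return True if text holds any C0 control character or DEL."""
    return _CONTROL_CHARS.search(text) is not None


def set_header_checked(headers: Headers, name: str, value: str) -> None:
    """Set a header, refusing any name or value with a control character.

    On a patched interpreter this duplicates the check inside Headers;
    on an unpatched one it is the check that is missing.
    """
    for label, text in (("name", name), ("value", value)):
        if contains_control_chars(text):
            raise ValueError(f"header {label} contains a control character: {text!r}")
    headers[name] = value


def build_response_headers(pairs) -> Headers:
    """Build a Headers object from (name, value) pairs, validating each one."""
    headers = Headers([])
    for name, value in pairs:
        set_header_checked(headers, name, value)
    return headers


def count_header_lines(headers: Headers) -> int:
    """Count the lines Headers would emit; str(Headers) joins them with CRLF
    and ends with a blank line, so empty entries are skipped."""
    return sum(1 for line in str(headers).split("\r\n") if line)


def interpreter_rejects_control_chars() -> bool:
    """Probe whether this interpreter's Headers class already validates.

    Uses a throwaway Headers object; nothing is sent anywhere.
    """
    probe = Headers([])
    try:
        probe["X-Probe"] = "a\nb"  # constructed value with a bare newline
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ok = build_response_headers([
        ("Content-Type", "text/plain; charset=utf-8"),
        ("Cache-Control", "no-store"),
    ])
    print(str(ok).rstrip())
    print("header lines:", count_header_lines(ok))
    print("interpreter rejects control chars:", interpreter_rejects_control_chars())
    try:
        # Constructed value: a CRLF inside a value is exactly the input the
        # advisory describes, and the wrapper refuses it before Headers sees it.
        build_response_headers([("Location", "/home\r\nX-Injected: 1")])
    except ValueError as exc:
        print("rejected:", exc)
```

The probe is the quickest way to confirm whether a deployment still needs the wrapper: if it returns False, the interpreter predates the fix and the application-side check is the only one in place. Validation at the point where a header is set is preferable to scanning the serialized output, because by then the extra line is indistinguishable from a legitimate header.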
Remediation
Users can upgrade to Python versions 3.10, 3.11, 3.12, 3.13, or 3.14 to address this vulnerability.
