TODO list

TODO list for this python-security documentation.

  • Get Red Hat impact from a Red Hat URL?


Add vulnerability.
  • #16611: BaseCookie now parses ‘secure’ and ‘httponly’ flags.
  • Regression in Python 3.2 cookie parsing
  • Support for httponly/secure cookies reintroduced lax parsing behavior
  • cookie parsing fails with python 3.x if request contains unnamed cookie

YAML template:

- name: "Issue #22796"
  summary: >
    hardened HTTP cookie parsing
  disclosure: "2014-11-04 (issue #22796 created)"
   - b1e36073cdde71468efa27e88016aa6dd46f3ec7 # 3.x
  description: >
    HTTP cookie parsing is now stricter, in order to protect against potential
    injection attacks.

    Reported by Tim Graham.