TODO list for this python-security documentation.
- Get Red Hat impact from a Red Hat URL?
- Add https://hackerone.com/reports/26647 vulnerability.
  - https://bugs.python.org/issue16611
    - #16611: BaseCookie now parses 'secure' and 'httponly' flags.
  - https://bugs.python.org/issue22796
    - Regression in Python 3.2 cookie parsing
  - https://bugs.python.org/issue25228
    - Support for httponly/secure cookies reintroduced lax parsing behavior
  - https://code.djangoproject.com/ticket/26158
    - cookie parsing fails with python 3.x if request contains unnamed cookie
YAML template:
    - name: "Issue #22796"
      summary: >
        hardened HTTP cookie parsing
      links:
        - http://bugs.python.org/issue22796
      disclosure: "2014-11-04 (issue #22796 created)"
      fixed-in:
        - b1e36073cdde71468efa27e88016aa6dd46f3ec7  # 3.x
      description: >
        HTTP cookie parsing is now stricter, in order to protect against
        potential injection attacks. Reported by Tim Graham.