Description

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

PUBLISHED Reserved 2025-12-29 | Published 2026-01-20 | Updated 2026-02-11 | Assigner PSF




MEDIUM: 6.0 | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N

Problem types

CWE-93

Product status

Default status
unaffected

Any version before 3.13.12
affected

3.14.0 (python) before 3.14.3
affected

3.15.0a1 (python) before 3.15.0a6
affected

Credits

Omar M. Hasan reporter

References

github.com/python/cpython/pull/143926 patch

github.com/python/cpython/issues/143925 issue-tracking

mail.python.org/.../thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/ vendor-advisory

github.com/...ommit/f25509e78e8be6ea73c811ac2b8c928c28841b9f patch

github.com/...ommit/05356b1cc153108aaf27f3b72ce438af4aa218c0 patch

github.com/...ommit/34d76b00dabde81a793bd06dd8ecb057838c4b38 patch

github.com/...ommit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80 patch

github.com/...ommit/4ed11d3cd288e6b90196a15c5a825a45d318fe47 patch

github.com/...ommit/a35ca3be5842505dab74dc0b90b89cde0405017a patch

cve.org (CVE-2025-15282)

nvd.nist.gov (CVE-2025-15282)
