GHSA-g345-7jg6-m22pMedium
When using the "configparser" module to write configuration files containing multi-line text...
🔗 CVE IDs covered (1)
📋 Description
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2026-0864
- https://github.com/python/cpython/issues/143927
- https://github.com/python/cpython/pull/151559
- https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f
- https://mail.python.org/archives/list/[email protected]/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS
- https://github.com/advisories/GHSA-g345-7jg6-m22p