CVE-2019-25101

Advisory

A vulnerability classified as critical has been found in OnShift TurboGears. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely.
# The fix commit belongs to a fork version of TurboGears that is not in PyPi.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/advisories/GHSA-8q38-w56m-qq2c
• https://nvd.nist.gov/vuln/detail/CVE-2019-25101
• https://github.com/OnShift/turbogears/pull/18
• https://github.com/OnShift/turbogears/commit/f68bbaba47f4474e1da553aa51564a73e1d92a84
• https://github.com/OnShift/turbogears
• https://github.com/OnShift/turbogears/releases/tag/v1.0.11.11
• https://vuldb.com/?ctiid.220059
• https://vuldb.com/?id.220059
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25101