[security] Disallow usage of control characters in status, headers and values for security in Lib/wsgiref/handlers.py

[benediktjohannes]

This issue is opened as public as the primary described CVE is already publicated and this only contains one certain point that has to be changed in code in Python.

In Lib/wsgiref/handlers.py at 260 (def _convert_string_type(self, value, title):) it is necessary to add the same fix as in #143916 requested as well.

Linked PRs

• gh-144370: Disallow usage of control characters in status, headers and values for security #144371

[benediktjohannes]

@picnixz please also reopen the issue (see the explaination in the PR), thanks!

[picnixz]

In this case please reformulate the title as the other issue. And be sure that this issue is in scope wrt RFCs and PEPs.