Homepage
About Snyk

pypiserver@1.1.3 vulnerabilities

A minimal PyPI server for use with pip/easy_install.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pypiserver package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
CRLF Injection

pypiserver is a minimal PyPI server for use with pip/easy_install.

Affected versions of this package are vulnerable to CRLF Injection due to not escaping new line characters when redirecting users.

How to fix CRLF Injection?

Upgrade pypiserver to version 1.2.6 or higher.

[,1.2.6)
  • M
CRLF Injection

pypiserver is a minimal PyPI server for use with pip/easy_install.

Affected versions of this package are vulnerable to CRLF Injection. A malicious user could set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.

How to fix CRLF Injection?

Upgrade pypiserver to version 1.2.6 or higher.

[,1.2.6)
  • M
Cross-site Scripting (XSS)

pypiserveris a minimal PyPI server for use with pip/easy_install.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks.

[,1.1.7)
Go back to all versions of this package