Opened 12 years ago

Closed 12 years ago

#1135 closed defect (fixed)

Check django.core.mail against SMTP header injection attacks

Reported by: Simon Willison Owned by: Adrian Holovaty
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


James Bennett brought this up here:

We should make sure that Django's built in email stuff is defended against SMTP header injection attacks, as described here:

I'm not sure if Python's smtplib protects us here or not.

Change History (1)

comment:1 Changed 12 years ago by Adrian Holovaty

Resolution: fixed
Status: newclosed

(In [1795]) Fixed #1135 -- Changed django.core.mail functions not to allow newlines in headers

Note: See TracTickets for help on using tickets.
Back to Top