Fedora Account System
Red Hat Associate
Red Hat Customer
A flaw was found in Django. django.core.validators.DomainNameValidator accepted newline characters in domain names. If validated values are placed directly into HTTP response headers outside Django's form handling, a remote attacker could inject additional headers.
Created attachment 2147816 [details] 0003-5.2.x-Fixed-CVE-2026-53878-Prevented-newlines-from-b.patch
Created attachment 2147817 [details] 0003-6.0.x-Fixed-CVE-2026-53878-Prevented-newlines-from-b.patch
Created attachment 2147818 [details] 0003-6.1.x-Fixed-CVE-2026-53878-Prevented-newlines-from-b.patch
Created attachment 2147819 [details] 0003-Fixed-CVE-2026-53878-Prevented-newlines-from-being-a.patch