A flaw was found in django. On Python 3.9.5+, `URLValidator` didn't prohibited newlines and tabs which could lead to a header injection attack if these were used in an HTTP response. The highest threat from this vulnerability is to data confidentiality and integrity.
A flaw was found in django. On Python 3.9.5+, `URLValidator` didn't prohibited newlines and tabs which could lead to a header injection attack if these were used in an HTTP response. The highest threat from this vulnerability is to data confidentiality and integrity.