VYPR

PyPI package

microdot

pkg:pypi/microdot

Vulnerabilities (1)

  • CVE-2026-42874LowMay 11, 2026
    affected < 2.6.1fixed 2.6.1

    Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a