When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.
| Vendor | Product | Versions |
|---|---|---|
| python software foundation | cpython | 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| open source | python | cert_advisory | 90% |
Updated severity to CRITICAL, added affected versions 3.14.x, and corrected exploit availability.
Initial creation
