FLAT-EMYBC – Vulnerability | Fluid Attacks Database

Database

Description

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	pypy3	=7.3.19+dfsg-2 \|\| =7.3.20+dfsg-1 \|\| =7.3.20+dfsg-2 \|\| =7.3.20+dfsg-3 \|\| =7.3.20+dfsg-4 \|\| =7.3.21+dfsg-1 \|\| =7.3.21+dfsg-2 \|\| =7.3.21+dfsg-3 \|\| =7.3.21+dfsg-4 \|\| =7.3.22+dfsg-1	-
debian 14	python3.14	=3.14.0-1 \|\| =3.14.0-2 \|\| =3.14.0-3 \|\| =3.14.0-4 \|\| =3.14.0-5 \|\| =3.14.0~a7-1 \|\| =3.14.0~b1-1 \|\| =3.14.0~b2-1 \|\| =3.14.0~b3-1 \|\| =3.14.0~b4-1 \|\| =3.14.0~rc1-1 \|\| =3.14.0~rc2-1 \|\| =3.14.0~rc3-1 \|\| =3.14.2-1 \|\| >=0 <3.14.3-1	3.14.3-1
debian 11	pypy3	=7.3.10+dfsg-1 \|\| =7.3.10~rc3+dfsg-1 \|\| =7.3.10~rc3+dfsg-2 \|\| =7.3.11+dfsg-1 \|\| =7.3.11+dfsg-2 \|\| =7.3.12+dfsg-1 \|\| =7.3.12~rc1+dfsg-1 \|\| =7.3.12~rc2+dfsg-1 \|\| =7.3.13+dfsg-1 \|\| =7.3.14+dfsg-1 \|\| =7.3.15+dfsg-1 \|\| =7.3.16+dfsg-1 \|\| =7.3.16+dfsg-2 \|\| =7.3.17+dfsg-1 \|\| =7.3.17+dfsg-2 \|\| =7.3.17+dfsg-3 \|\| =7.3.18+dfsg-1 \|\| =7.3.18+dfsg-2 \|\| =7.3.19+dfsg-1 \|\| =7.3.19+dfsg-2 \|\| =7.3.20+dfsg-1 \|\| =7.3.20+dfsg-2 \|\| =7.3.20+dfsg-3 \|\| =7.3.20+dfsg-4 \|\| =7.3.21+dfsg-1 \|\| =7.3.21+dfsg-2 \|\| =7.3.21+dfsg-3 \|\| =7.3.21+dfsg-4 \|\| =7.3.22+dfsg-1 \|\| =7.3.5+dfsg-2 \|\| =7.3.5+dfsg-2+deb11u1 \|\| =7.3.5+dfsg-2+deb11u2 \|\| =7.3.5+dfsg-2+deb11u3 \|\| =7.3.5+dfsg-2+deb11u4 \|\| =7.3.5+dfsg-2+deb11u5 \|\| =7.3.6+dfsg-1 \|\| =7.3.6~rc2+dfsg-1 \|\| =7.3.6~rc2+dfsg-2 \|\| =7.3.7+dfsg-1 \|\| =7.3.7+dfsg-2 \|\| =7.3.7+dfsg-3 \|\| =7.3.7+dfsg-4 \|\| =7.3.7+dfsg-5 \|\| =7.3.8+dfsg-1 \|\| =7.3.8+dfsg-2 \|\| =7.3.8~rc1+dfsg-1 \|\| =7.3.8~rc1+dfsg-2 \|\| =7.3.9+dfsg-1 \|\| =7.3.9+dfsg-2 \|\| =7.3.9+dfsg-3 \|\| =7.3.9+dfsg-4 \|\| =7.3.9+dfsg-5	-
debian 12	pypy3	=7.3.11+dfsg-2 \|\| =7.3.11+dfsg-2+deb12u1 \|\| =7.3.11+dfsg-2+deb12u2 \|\| =7.3.11+dfsg-2+deb12u3 \|\| =7.3.12+dfsg-1 \|\| =7.3.12~rc1+dfsg-1 \|\| =7.3.12~rc2+dfsg-1 \|\| =7.3.13+dfsg-1 \|\| =7.3.14+dfsg-1 \|\| =7.3.15+dfsg-1 \|\| =7.3.16+dfsg-1 \|\| =7.3.16+dfsg-2 \|\| =7.3.17+dfsg-1 \|\| =7.3.17+dfsg-2 \|\| =7.3.17+dfsg-3 \|\| =7.3.18+dfsg-1 \|\| =7.3.18+dfsg-2 \|\| =7.3.19+dfsg-1 \|\| =7.3.19+dfsg-2 \|\| =7.3.20+dfsg-1 \|\| =7.3.20+dfsg-2 \|\| =7.3.20+dfsg-3 \|\| =7.3.20+dfsg-4 \|\| =7.3.21+dfsg-1 \|\| =7.3.21+dfsg-2 \|\| =7.3.21+dfsg-3 \|\| =7.3.21+dfsg-4 \|\| =7.3.22+dfsg-1	-
debian 11	python2.7	=2.7.18-10 \|\| =2.7.18-11 \|\| =2.7.18-12 \|\| =2.7.18-13 \|\| =2.7.18-13.1 \|\| =2.7.18-13.1~exp1 \|\| =2.7.18-13.2 \|\| =2.7.18-8 \|\| =2.7.18-8+deb11u1 \|\| =2.7.18-9	-
debian 12	python3.11	=3.11.2-6 \|\| =3.11.2-6+deb12u1 \|\| =3.11.2-6+deb12u2 \|\| =3.11.2-6+deb12u3 \|\| =3.11.2-6+deb12u4 \|\| =3.11.2-6+deb12u5 \|\| =3.11.2-6+deb12u6 \|\| >=0 <3.11.2-6+deb12u7	3.11.2-6+deb12u7
debian 12	jython	=2.7.3+repack1-1	-
debian 13	jython	=2.7.3+repack1-1	-
debian 11	python3.9	=3.9.2-1 \|\| =3.9.2-1+deb11u1 \|\| =3.9.2-1+deb11u2 \|\| =3.9.2-1+deb11u3 \|\| =3.9.2-1+deb11u4 \|\| >=0 <3.9.2-1+deb11u5	3.9.2-1+deb11u5
debian 11	jython	=2.7.2+repack1-3 \|\| =2.7.2+repack1-4 \|\| =2.7.2+repack1-5 \|\| =2.7.3+repack1-1	-

1-10 of 33

10

Aliases

1. CVE-2026-08652. NVD-2026-08653. OSV-DEBIAN-2026-08654. OSV-2026-08655. SECURITY-TRACKER-CVE-2026-0865

FLAT-EMYBC – Vulnerability | Fluid Attacks Database