Pypi · Pypiserver · CVE-2019-6802
**Name of the Vulnerable Software and Affected Versions**
pypiserver versions 1.2.5 and below
**Description**
The issue allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a `%0d%0a` in a URI. This is a result of a CRLF Injection in the software: the request URI is echoed into a response header without the carriage-return and line-feed characters being stripped, so an encoded `%0d%0a` sequence terminates that header and the rest of the URI is interpreted as additional header lines (or, after a blank line, as response body).
**Recommendations**
For pypiserver versions 1.2.5 and below, consider restricting access to the software until a patch is available, and avoid using URIs that contain `%0d%0a` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
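The defect pattern the advisory describes, as an added illustration that is not pypiserver's own code: a hypothetical redirect builder that copies the decoded request path into a `Location` header, the hardened version that refuses CR/LF, and a defender-side check over constructed access-log lines for encoded CR/LF in the request URI.

```python
import re
from urllib.parse import unquote

# Hypothetical handlers modelled on the CRLF-injection pattern in CVE-2019-6802.
# Not pypiserver's code; the header names and sample log lines are constructed.

CRLF_RE = re.compile(r"[\r\n]")


def build_redirect_unsafe(request_path: str) -> str:
    """Vulnerable: the percent-decoded path goes into Location as-is."""
    target = unquote(request_path) + "/"
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"


def build_redirect_safe(request_path: str) -> str:
    """Hardened: a value containing CR or LF can never reach a header line."""
    target = unquote(request_path) + "/"
    if CRLF_RE.search(target):
        # Refuse rather than emit a header the client would split into two.
        return "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"


def header_lines(raw_response: str) -> list:
    """Return the header lines of a raw response (status line excluded)."""
    head, _, _ = raw_response.partition("\r\n\r\n")
    return head.split("\r\n")[1:]


SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    '10.0.0.5 - - [01/Jan/2019:00:00:00 +0000] "GET /simple/requests/ HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2019:00:00:01 +0000] "GET /simple/foo%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/')
ENCODED_CRLF_RE = re.compile(r"%0[dD]|%0[aA]")


def suspicious_requests(log_lines) -> list:
    """Detection: URIs carrying a percent-encoded CR or LF, the advisory's trigger."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and ENCODED_CRLF_RE.search(m.group(1)):
            hits.append(m.group(1))
    return hits
```

Running `header_lines(build_redirect_unsafe(uri))` on a URI with `%0d%0a` shows the injected line appearing as a separate header, while the hardened builder answers 400 and the log check flags the same request.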