http.cookies.Morsel.js_output() returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Python | Python | * | 3.15.0 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | python3.14-0:3.14.5-1.el10_2 | * |
| Red Hat Enterprise Linux 9 | RedHat | python3.14-0:3.14.5-1.el9_8 | * |
| Red Hat Hardened Images | RedHat | python3-14-main-3.14.5-2.hum1 | * |
| Red Hat Hardened Images | RedHat | python3-12-main-3.12.13-3.2.hum1 | * |
| Red Hat Hardened Images | RedHat | python3-13-main-3.13.14-1.1.hum1 | * |
| Red Hat Hardened Images | RedHat | python3-11-main-3.11.15-4.3.hum1 | * |
| Pypy3 | Ubuntu | questing | * |
| Python2.7 | Ubuntu | esm-infra/xenial | * |
| Python3.10 | Ubuntu | jammy | * |
| Python3.12 | Ubuntu | noble | * |
| Python3.13 | Ubuntu | questing | * |
| Python3.13 | Ubuntu | upstream | * |
| Python3.14 | Ubuntu | devel | * |
| Python3.14 | Ubuntu | questing | * |
| Python3.14 | Ubuntu | resolute | * |
| Python3.14 | Ubuntu | upstream | * |
| Python3.5 | Ubuntu | esm-infra/xenial | * |