Python 3.8.5 update with security fixes

A corrective update of the Python programming language, version 3.8.5, has been released. It fixes several vulnerabilities:

  • CVE-2019-20907 - an infinite loop in the tarfile module when trying to open specially crafted tar files.
  • BPO-41288 - a crash when the pickle module processes objects with a specially crafted NEWOBJ_EX opcode.
  • CVE-2020-15801 - the ability to inject HTTP headers into a request by using newline characters in the "method" parameter of the http.client module. For example: conn.request(method="GET / HTTP/1.1\r\nHost: abc\r\nRemainder:", url="/index.html"). The vulnerability had been fixed earlier, but that fix did not extend the protection to the http.client.putrequest method.
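
An added example (not part of the original news item and not CPython's own code): an application-side check for the http.client item above, run against the method string quoted there. The allowlist, the function names and the example.invalid host are assumptions made for illustration.

```python
import http.client
import re

# RFC 7230 "token": the only characters a method name may contain.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Methods this hypothetical application sends (assumption).
ALLOWED_METHODS = frozenset({"GET", "HEAD", "POST", "PUT", "DELETE"})
# The method string quoted in the news item above.
PAGE_EXAMPLE = "GET / HTTP/1.1\r\nHost: abc\r\nRemainder:"


def validate_method(method):
    """Return method unchanged, or raise ValueError if it is unsafe."""
    if not isinstance(method, str) or not _TOKEN.fullmatch(method):
        raise ValueError("method is not an HTTP token: %r" % (method,))
    if method not in ALLOWED_METHODS:
        raise ValueError("method not in allowlist: %r" % (method,))
    return method


def wire_lines(method, url):
    """Lines the request line splits into if the method is not checked."""
    return ("%s %s HTTP/1.1" % (method, url)).split("\r\n")


def stdlib_rejects(method):
    """True if this interpreter's putrequest() refuses the method."""
    # Nothing is sent: putrequest() only buffers the request, and
    # example.invalid is a reserved name that never resolves.
    conn = http.client.HTTPConnection("example.invalid")
    try:
        conn.putrequest(method, "/index.html")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(wire_lines(PAGE_EXAMPLE, "/index.html"))
    print("stdlib rejects page example:", stdlib_rejects(PAGE_EXAMPLE))
    for m in ("GET", "get", PAGE_EXAMPLE):
        try:
            print("accepted:", validate_method(m))
        except ValueError as exc:
            print("rejected:", exc)
```

On an interpreter that includes the fix, putrequest() raises ValueError for the quoted method string; the token allowlist additionally refuses spaces and unexpected method names before the call is made.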

Source: opennet.ru
