pypiserver is vulnerable to CRLF injection. A remote attacker is able to inject newline characters %0d%0a
into the server response and create arbitrary HTTP headers or perform cross-site scripting attacks. This is due to unescaped values being passed from a client and used directly for redirects.