[MEDIUM] HTTP header injection using line breaks

PKSA-g4gm-fxmh-fsz6 CVE-2016-3166 GHSA-fg5q-r2q5-qmh3

Affected package: drupal/drupal

Affected version: >=8.0,<8.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub