CVE-2020-26137
Name: CVE-2020-26137
Description: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
NVD Severity: medium
Other trackers: CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists: oss-security, full-disclosure, bugtraq
Exploits: Exploit DB, Metasploit
Forges: GitHub (code, issues), Aports (code, issues)
References
Type | URI
Issue Tracking | https://bugs.python.org/issue39603
Patch | https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
Patch | https://github.com/urllib3/urllib3/pull/1800
UBUNTU | https://usn.ubuntu.com/4570-1/
MLIST | https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
MISC | https://www.oracle.com/security-alerts/cpuoct2021.html
Match rules
CPE URI | Source package | Min version | Max version
cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:* | urllib3 | >= None | < 1.25.9
Vulnerable and fixed packages
Source package | Branch | Version | Maintainer | Status