CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) prior to 2.7.10 and 3.x prior to 3.4.4 allows remote malicious users to inject arbitrary HTTP headers via CRLF sequences in a URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python python |
||
python python 3.1.1 |
||
python python 3.3.2 |
||
python python 3.0 |
||
python python 3.0.1 |
||
python python 3.2.2 |
||
python python 3.1.0 |
||
python python 3.2.5 |
||
python python 3.1.5 |
||
python python 3.3.6 |
||
python python 3.4.0 |
||
python python 3.2.1 |
||
python python 3.2.0 |
||
python python 3.3.1 |
||
python python 3.4.3 |
||
python python 3.1.2 |
||
python python 3.3.4 |
||
python python 3.3.5 |
||
python python 3.2.3 |
||
python python 3.2.6 |
||
python python 3.3.0 |
||
python python 3.4.2 |
||
python python 3.3.3 |
||
python python 3.2.4 |
||
python python 3.4.1 |
||
python python 3.1.3 |
||
python python 3.1.4 |