Published: 15/04/2019 Updated: 13/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In the urllib3 library up to and including 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Vendor Advisories

Debian Bug report logs - #927172
python-urllib3: CVE-2019-11236
Package: src:python-urllib3; Maintainer for src:python-urllib3 is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 15 Apr 2019 20:39:02 UTC
Severity: important
Tags ...
Several security issues were fixed in urllib3 ...

Github Repositories

Etrata CI Vuln Scanner
What is it? This is a lightweight Python script that will load/read a directory of CVEs and allow you to search on them.
Usage: etrata -n struts -v 2332
>'CVE-2017-9787', >'CVE-2017-9791', >'CVE-2017-9793', >'CVE-2017-9804', >'CVE-2017-9805', >'CVE-2018