urllib3 prior to 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python urllib3 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 16.04 |
||
debian debian linux 9.0 |
||
oracle zfs storage appliance kit 8.8 |
||
oracle communications cloud native core network function cloud native environment 22.2.0 |