CVE-2020-26116

Updated: 2023-11-07 19:04:24.954351

Description:

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 6.4
CVSS Version 3.x HIGH 7.2

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9 Python python2 2.7.18 7.2 HIGH Already Fixed 2023-11-15 08:20:26