CVE-2020-26116

Updated: 2024-11-21 23:20:16.499138

Description:

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 6.4
CVSS Version 3.x HIGH 7.2

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9 Python python2 2.7.18 7.2 HIGH Already Fixed 2023-11-15 08:20:26