CVE-2020-26137

Updated: 2023-11-04 20:39:06.189252

Description:

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 6.4
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9 Python python2 2.7.18 6.5 MEDIUM Ignored 2023-11-15 08:20:26