Updated: 2026-02-06 03:13:16.087692
Description:
User-controlled header names and values containing newlines can allow injecting HTTP headers.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 4.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 8.4 ELS | python3 | 3.6.8 | 4.5 | MEDIUM | Ignored | 2026-02-07 12:57:42 | This can be deprioritized because exploitation requires network access to an already high‑privileg... | |
| CentOS 8.4 ELS | python2 | 2.7.18 | 4.5 | MEDIUM | Ignored | 2026-02-07 12:57:46 | This can be deprioritized because exploitation requires network access to an already high‑privileg... | |
| CentOS 8.5 ELS | python2 | 2.7.18 | 4.5 | MEDIUM | Ignored | 2026-02-07 12:57:47 | This can be deprioritized because exploitation requires network access to an already high‑privileg... | |
| CentOS 8.5 ELS | python3 | 3.6.8 | 4.5 | MEDIUM | Ignored | 2026-02-07 12:57:43 | This can be deprioritized because exploitation requires network access to an already high‑privileg... | |
| CentOS Stream 8 ELS | python2 | 2.7.18 | 4.5 | MEDIUM | Ignored | 2026-02-07 12:57:47 | This can be deprioritized because exploitation requires network access to an already high‑privileg... | |
| Ubuntu 16.04 ELS | python3.5 | 3.5.2 | 4.5 | MEDIUM | Needs Triage | 2026-02-09 20:05:49 | This issue only manifests when application code constructs HTTP headers directly from untrusted inpu... | |
| Ubuntu 18.04 ELS | python3.6 | 3.6.9-1 | 4.5 | MEDIUM | Needs Triage | 2026-02-09 20:05:46 | This issue only manifests when application code constructs HTTP headers directly from untrusted inpu... |