http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
No history.
Information
Published : 2020-09-27 04:15
Updated : 2024-11-21 05:19
NVD link : CVE-2020-26116
Mitre link : CVE-2020-26116
CVE.ORG link : CVE-2020-26116
JSON object : View
Products Affected
python
- python
netapp
- hci_compute_node
- solidfire
- hci_storage_node
fedoraproject
- fedora
opensuse
- leap
debian
- debian_linux
canonical
- ubuntu_linux
oracle
- zfs_storage_appliance_kit
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')