QwikSec

Security Database

CVE

CWE

Training

CVE-2020-26116

Published: Sep 27, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://python-security.readthedocs.io/vuln/http-header-injection-method.html

https://bugs.python.org/issue39603

FEDORA-2020-221823ebdd

vendor-advisory

FEDORA-2020-887d3fa26f

vendor-advisory

FEDORA-2020-d30881c970

vendor-advisory

vendor-advisory

FEDORA-2020-e33acdea18

vendor-advisory

openSUSE-SU-2020:1859

vendor-advisory

FEDORA-2020-d42cb01973

vendor-advisory

[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update

mailing-list

vendor-advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20201023-0001/

[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.