CVE-2019-11236

Опубликовано: 15 апр. 2019

Источник: debian

Описание

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Пакет	Статус	Версия исправления	Релиз	Тип
python-urllib3	fixed	1.25.6-1	experimental	package
python-urllib3	fixed	1.25.6-4		package

https://github.com/urllib3/urllib3/issues/1553
https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162

CVE-2019-11236

CVSS3: 6.1

ubuntu

около 6 лет назад

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

CVE-2019-11236

CVSS3: 6.5

redhat

больше 6 лет назад

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

CVE-2019-11236

CVSS3: 6.1

nvd

около 6 лет назад

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

CVE-2019-11236

CVSS3: 6.1

msrc

больше 4 лет назад

Описание отсутствует

GHSA-r64q-w8jr-g9qp

CVSS3: 6.1

github

около 3 лет назад

Improper Neutralization of CRLF Sequences in urllib3 library for Python