CVE-2019-11236

Published: 13 Mar 2019
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Report

This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection. Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information. In Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | python-urllib3 | Will not fix | | |
| Red Hat Enterprise Linux 8 | python36:3.6/python-virtualenv | Not affected | | |
| Red Hat OpenShift Container Platform 3.10 | python-urllib3 | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.11 | python-urllib3 | Will not fix | | |
| Red Hat OpenShift Container Platform 3.6 | python-urllib3 | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.7 | python-urllib3 | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.9 | python-urllib3 | Out of support scope | | |
| Red Hat OpenStack Platform 10 (Newton) | python-urllib3 | Will not fix | | |
| Red Hat OpenStack Platform 13 (Queens) | python-urllib3 | Will not fix | | |
| Red Hat OpenStack Platform 14 (Rocky) | python-urllib3 | Affected | | |

Additional information

Status: Moderate
Defect: CWE-113
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
https://bugzilla.redhat.com/show_bug.cgi?id=1700824

EPSS

Percentile: 69%
0.00636
Low

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
about 6 years ago

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

CVSS3: 6.1
nvd
about 6 years ago

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

CVSS3: 6.1
msrc
more than 4 years ago

No description available

CVSS3: 6.1
debian
about 6 years ago

In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...

CVSS3: 6.1
github
about 3 years ago

Improper Neutralization of CRLF Sequences in urllib3 library for Python
