Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-26137

Опубликовано: 30 сент. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.4
CVSS3: 6.5

Описание

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

РелизСтатусПримечание
bionic

released

9.0.1-2.3~ubuntu1.18.04.3
devel

not-affected

20.1.1-2
esm-apps/bionic

released

9.0.1-2.3~ubuntu1.18.04.3
esm-apps/focal

released

20.0.2-5ubuntu1.1
esm-apps/jammy

not-affected

20.1.1-2
esm-apps/noble

not-affected

20.1.1-2
esm-apps/xenial

released

8.1.1-2ubuntu0.6
esm-infra-legacy/trusty

needed

focal

released

20.0.2-5ubuntu1.1
groovy

not-affected

20.1.1-2

Показывать по

РелизСтатусПримечание
bionic

released

1.22-1ubuntu0.18.04.2
devel

not-affected

1.25.9-1
esm-infra-legacy/trusty

needed

esm-infra/bionic

released

1.22-1ubuntu0.18.04.2
esm-infra/focal

released

1.25.8-2ubuntu0.1
esm-infra/xenial

released

1.13.1-2ubuntu0.16.04.4
focal

released

1.25.8-2ubuntu0.1
groovy

not-affected

1.25.9-1
hirsute

not-affected

1.25.9-1
impish

not-affected

1.25.9-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 47%
0.00239
Низкий

6.4 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-26137

CVSS3: 6.5
redhat
больше 5 лет назад

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

nvd логотип

CVE-2020-26137

CVSS3: 6.5
nvd
около 5 лет назад

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

msrc логотип

CVE-2020-26137

CVSS3: 6.5
msrc
почти 5 лет назад

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

debian логотип

CVE-2020-26137

CVSS3: 6.5
debian
около 5 лет назад

urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...

suse-cvrf логотип

openSUSE-SU-2021:2817-1

suse-cvrf
около 4 лет назад

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3

EPSS

Процентиль: 47%
0.00239
Низкий

6.4 Medium

CVSS2

6.5 Medium

CVSS3