Описание
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 9.0.1-2.3~ubuntu1.18.04.3 |
| devel | not-affected | 20.1.1-2 |
| esm-apps/bionic | released | 9.0.1-2.3~ubuntu1.18.04.3 |
| esm-apps/focal | released | 20.0.2-5ubuntu1.1 |
| esm-apps/jammy | not-affected | 20.1.1-2 |
| esm-apps/noble | not-affected | 20.1.1-2 |
| esm-apps/xenial | released | 8.1.1-2ubuntu0.6 |
| esm-infra-legacy/trusty | needed | |
| focal | released | 20.0.2-5ubuntu1.1 |
| groovy | not-affected | 20.1.1-2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.22-1ubuntu0.18.04.2 |
| devel | not-affected | 1.25.9-1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | released | 1.22-1ubuntu0.18.04.2 |
| esm-infra/focal | released | 1.25.8-2ubuntu0.1 |
| esm-infra/xenial | released | 1.13.1-2ubuntu0.16.04.4 |
| focal | released | 1.25.8-2ubuntu0.1 |
| groovy | not-affected | 1.25.9-1 |
| hirsute | not-affected | 1.25.9-1 |
| impish | not-affected | 1.25.9-1 |
Показывать по
6.4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...
Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
6.4 Medium
CVSS2
6.5 Medium
CVSS3