CVE-2020-26137

Injection Vulnerability in pypi/urllib3

Identifiers

CVE-2020-26137

Package Slug

pypi/urllib3

Vulnerability

Injection Vulnerability

Description

urllib3 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Affected Versions

All versions before 1.25.9

Solution

Upgrade to version 1.25.9 or above.
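An added example, not part of the advisory and not urllib3's own code: it checks whether an installed version string falls in the affected range and validates a caller-supplied method against the RFC 7230 token grammar before it reaches the HTTP client. The helper names (`is_affected`, `safe_method`, `lines_emitted`) and the sample value are assumptions made for illustration.

```python
import re

# Helper names here are hypothetical; they are not urllib3 APIs.
FIXED_IN = (1, 25, 9)  # first fixed release, per the advisory

# RFC 7230 "token": the only characters a request method may contain.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_version(version):
    """Leading numeric components of a version string, e.g. '1.25.8' -> (1, 25, 8)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_affected(version):
    """True for releases before 1.25.9 (pre-release suffixes are ignored)."""
    return parse_version(version) < FIXED_IN


def safe_method(method):
    """Return method unchanged if it is a valid token, else raise ValueError.

    fullmatch() is used on purpose: an anchored '^...$' pattern with re.match
    would accept a trailing newline, because '$' also matches just before it.
    """
    if not isinstance(method, str) or not _TOKEN.fullmatch(method):
        raise ValueError("invalid HTTP method: %r" % (method,))
    return method


def lines_emitted(method, target="/"):
    """Number of CRLF-terminated lines a naive request-line formatter would write."""
    raw = "%s %s HTTP/1.1\r\n" % (method, target)
    return raw.count("\r\n")


if __name__ == "__main__":
    constructed = "GET\r\nX-Constructed: 1"  # constructed sample, not from the advisory
    print(is_affected("1.25.8"), is_affected("1.25.9"))
    print(lines_emitted("GET"), lines_emitted(constructed))
```

Calling `safe_method()` on any method value derived from user input is a defence-in-depth measure that holds even where the upgrade has not yet been rolled out.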

Last Modified

2020-10-15
