CVE-2019-11236: Improper Neutralization of CRLF Sequences in urllib3 library for Python
In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter.
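As an added example that is not part of this advisory or of urllib3's own code, two defender-side checks in Python: a version test against the range the advisory states (urllib3 through 1.24.2) and a guard that rejects CR, LF and other control characters in any attacker-influenced request parameter before it reaches the HTTP client. The function names and the sample URLs are constructed here for illustration.

```python
"""Added example (not from the advisory or urllib3): defender-side checks
for CVE-2019-11236-style CRLF injection in request parameters."""
import re

# Advisory range: urllib3 releases up to and including 1.24.2 are affected.
LAST_AFFECTED = (1, 24, 2)

# CR and LF are what a CRLF-injection payload needs to start a new header line;
# rejecting every ASCII control character (and DEL) is the stricter, simpler rule.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def is_affected_version(version: str) -> bool:
    """True if `version` (e.g. urllib3.__version__) falls in the advisory's range."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if match is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in match.groups(default="0"))
    return parts <= LAST_AFFECTED


def is_safe_request_param(value: str) -> bool:
    """True if `value` contains no CR, LF or other control character."""
    return _CONTROL_CHARS.search(value) is None


def validate_request_param(value: str, name: str = "request parameter") -> str:
    """Return `value` unchanged if it is safe; raise ValueError otherwise.

    Apply this to every attacker-influenced piece (URL, path, query value,
    header value) before handing it to urllib3 or any other HTTP client.
    """
    if not is_safe_request_param(value):
        raise ValueError(f"{name} contains CR/LF or control characters: {value!r}")
    return value


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    print("1.24.2 affected:", is_affected_version("1.24.2"))  # True
    print("1.25.3 affected:", is_affected_version("1.25.3"))  # False
    print(validate_request_param("https://example.test/search?q=ok", "url"))
    try:
        validate_request_param("https://example.test/search?q=ok\r\nX-Injected: 1", "url")
    except ValueError as exc:
        print("rejected:", exc)
```

The guard inspects raw characters only; a value that arrives already percent-encoded (for example containing `%0d%0a`) passes through and relies on the client not decoding it before the request is written.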
References
- access.redhat.com/errata/RHSA-2019:2272
- access.redhat.com/errata/RHSA-2019:3335
- access.redhat.com/errata/RHSA-2019:3590
- github.com/advisories/GHSA-r64q-w8jr-g9qp
- github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
- github.com/urllib3/urllib3
- github.com/urllib3/urllib3/issues/1553
- lists.debian.org/debian-lts-announce/2019/06/msg00016.html
- lists.debian.org/debian-lts-announce/2021/06/msg00015.html
- lists.debian.org/debian-lts-announce/2023/10/msg00012.html
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
- nvd.nist.gov/vuln/detail/CVE-2019-11236
- usn.ubuntu.com/3990-1
- usn.ubuntu.com/3990-2