Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2019-11236

Published: April 15, 2019Last modified: October 9, 2023

Description

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Severity score breakdown

ParameterValue
Base score6.1
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeCHANGED
ConfidentialityLOW
Integrity impactLOW
Availability impactNONE
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSpy3-urllib3Not affected (1.26.12-r1)
Streampy3-urllib3Not affected (1.26.16-r0)

References

ON THIS PAGE