Alpaquita Linux
Security Advisory

CVE-2020-26137

Published: August 31, 2023Last modified: August 31, 2023

Description

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Severity score breakdown

ParameterValue
Base score6.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactLOW
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSpy3-urllib3Not affected (1.26.12-r1)
Streampy3-urllib3Not affected (1.26.16-r0)

References

ON THIS PAGE