http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
References |
|
07 Dec 2021, 19:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/ - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4581-1/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201023-0001/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202101-18 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/ - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/ - Mailing List, Third Party Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-09-27 04:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-26116
Mitre link : CVE-2020-26116
CVE.ORG link : CVE-2020-26116
JSON object : View
Products Affected
netapp
- solidfire
- hci_storage_node
- hci_compute_node
debian
- debian_linux
fedoraproject
- fedora
oracle
- zfs_storage_appliance_kit
opensuse
- leap
python
- python
canonical
- ubuntu_linux
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')