CVE-2019-11236

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11236

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11236.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11236

Aliases

Downstream

BELL-CVE-2019-11236

DEBIAN-CVE-2019-11236

DLA-1828-1

DLA-2686-1

DLA-3610-1

RHBA-2020:2785

RHBA-2020:2804

RHSA-2019:2272

RHSA-2019:3335

RHSA-2019:3590

RHSA-2020:0850

RHSA-2020:0851

RHSA-2020:1605

RHSA-2020:1916

RHSA-2020:2068

RHSA-2020:2081

RLSA-2019:3335

RLSA-2020:1605

SUSE-FU-2022:0444-1

SUSE-FU-2022:0445-1

SUSE-SU-2019:2267-1

SUSE-SU-2019:2300-1

SUSE-SU-2019:2331-1

SUSE-SU-2019:2332-1

SUSE-SU-2019:2370-1

SUSE-SU-2019:2391-1

SUSE-SU-2019:2399-1

UBUNTU-CVE-2019-11236

USN-3990-1

USN-3990-2

openSUSE-SU-2019:2131-1

openSUSE-SU-2019:2133-1

Related

Published

2019-04-15T15:29:00.637Z

Modified

2026-03-15T22:21:13.247448Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

References

Affected packages

Git / github.com/urllib3/urllib3

Affected ranges

Type

GIT

Repo

https://github.com/urllib3/urllib3

Events

Introduced

Last affected

1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.24.2"
        }
    ]
}

Affected versions

0.*

0.3

0.3.1

0.4

0.4.1

1.*

1.0

1.0.1

1.0.2

1.1

1.10

1.10.1

1.10.2

1.10.3

1.10.4

1.11

1.12

1.13

1.13.1

1.14

1.15

1.15.1

1.16

1.18

1.19

1.2

1.2.1

1.20

1.21

1.21.1

1.22

1.23

1.24

1.24.1

1.24.2

1.3

1.4

1.5

1.6

1.7

1.7.1

1.8

1.8.1

1.8.2

1.8.3

1.9

1.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11236.json"