In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
{ "urgency": "not yet assigned" }