PYSEC-2020-148
- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2020-148.yaml
- Aliases
- Published
- 2020-09-30T18:15:00Z
- Modified
- 2023-11-08T04:03:14.251187Z
- Summary
- [none]
- Details
-
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
- References
Affected packages
PyPI / urllib3
Package
- Name
- urllib3
Affected ranges
- Type
- GIT
- Repo
- https://github.com/urllib3/urllib3
- Events
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed1.25.9
Affected versions
0.*
0.2
0.3
0.3.1
0.4.0
0.4.1
1.*
1.0
1.0.1
1.0.2
1.1
1.2
1.2.1
1.2.2
1.3
1.4
1.5
1.6
1.7
1.7.1
1.8
1.8.2
1.8.3
1.9
1.9.1
1.10
1.10.1
1.10.2
1.10.3
1.10.4
1.11
1.12
1.13
1.13.1
1.14
1.15
1.15.1
1.16
1.17
1.18
1.18.1
1.19
1.19.1
1.20
1.21
1.21.1
1.22
1.23
1.24
1.24.1
1.24.2
1.24.3
1.25
1.25.1
1.25.2
1.25.3
1.25.4
1.25.5
1.25.6
1.25.7
1.25.8