http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-2456-1 | python3.5 security update |
![]() |
DLA-3432-1 | python2.7 security update |
![]() |
DLA-3610-1 | python-urllib3 security update |
![]() |
EUVD-2020-18746 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. |
![]() |
USN-4581-1 | Python vulnerability |
![]() |
USN-4754-3 | Python vulnerabilities |
![]() |
USN-6891-1 | Python vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T15:49:07.209Z
Reserved: 2020-09-27T00:00:00
Link: CVE-2020-26116

No data.

Status : Modified
Published: 2020-09-27T04:15:11.587
Modified: 2024-11-21T05:19:16.570
Link: CVE-2020-26116


No data.