Lucene search

[email protected]CVE-2019-11236

HistoryApr 15, 2019 - 3:29 p.m.

CVE-2019-11236

2019-04-1515:29:00

CWE-93

[email protected]

web.nvd.nist.gov

393

crlf injection

urllib3

python

cve-2019-11236

security vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

8.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

CPENameOperatorVersion
python:urllib3python urllib3le1.24.2

CPE	Name	Operator	Version
python:urllib3	python urllib3	le	1.24.2

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html

access.redhat.com/errata/RHSA-2019:2272

access.redhat.com/errata/RHSA-2019:3335

access.redhat.com/errata/RHSA-2019:3590

github.com/urllib3/urllib3/issues/1553

lists.debian.org/debian-lts-announce/2019/06/msg00016.html

lists.debian.org/debian-lts-announce/2021/06/msg00015.html

lists.debian.org/debian-lts-announce/2023/10/msg00012.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/

usn.ubuntu.com/3990-1/

usn.ubuntu.com/3990-2/

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

8.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2019-11236

nessus73 openvas28 amazon4 ubuntu2 github1 debian3 osv10 ibm6 redhatcve1 f51 veracode1 mageia3 debiancve1 cbl_mariner1 prion1 fedora4 centos3 oraclelinux8 redhat11 freebsd1 ubuntucve1 suse2 photon4 almalinux2 rocky2