urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

References

bugs.python.org/issue39603

github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

github.com/urllib3/urllib3/pull/1800

lists.debian.org/debian-lts-announce/2021/06/msg00015.html

lists.debian.org/debian-lts-announce/2023/10/msg00012.html

usn.ubuntu.com/4570-1/

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

github 1

nessus 68

openvas 41

prion 2

osv 16

ubuntucve 2

nvd 2

cve 2

f5 2

debiancve 2

alpinelinux 1

oraclelinux 4

centos 1

redhat 6

almalinux 3

rocky 3

suse 6

amazon 4

ibm 9

veracode 2

redhatcve 2

mageia 2

cbl_mariner 2

ubuntu 2

photon 3

fedora 4

cvelist 1

cloudfoundry 1

hackerone 1

rosalinux 1

debian 2

gentoo 1

github

CRLF injection in urllib3

2021-06-18 18:46:43

nessus

EulerOS 2.0 SP9 : python-urllib3 (EulerOS-SA-2021-2541)

2021-09-27 00:00:00

Amazon Linux 2 : python-urllib3 (ALAS-2021-1668)

2021-06-23 00:00:00

Rocky Linux 8 : python-urllib3 (RLSA-2021:1631)

2023-11-07 00:00:00

openvas

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2541)

2021-09-28 00:00:00

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2565)

2021-09-28 00:00:00

CentOS: Security Advisory for python (CESA-2022:5235)

2022-08-03 00:00:00

prion

Crlf injection

2020-09-30 18:15:00

Crlf injection

2020-09-27 04:15:00

osv

PYSEC-2020-148

2020-09-30 18:15:00

CRLF injection in urllib3

2021-06-18 18:46:43

CVE-2020-26137

2020-09-30 18:15:26

ubuntucve

CVE-2020-26137

2020-09-30 00:00:00

CVE-2020-26116

2020-09-27 00:00:00

nvd

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

cve

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

K000133547 : Python urllib3 vulnerability CVE-2020-26137

2023-04-18 00:00:00

K000133759 : Python vulnerability CVE-2020-26116

2023-05-08 00:00:00

debiancve

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

alpinelinux

CVE-2020-26137

2020-09-30 18:15:26

oraclelinux

python security update

2022-07-02 00:00:00

python27:2.7 security and bug fix update

2021-05-25 00:00:00

python-urllib3 security update

2021-05-25 00:00:00

centos

python, tkinter security update

2022-08-02 19:15:12

redhat

(RHSA-2022:5235) Moderate: python security update

2022-06-28 07:52:39

(RHSA-2021:1761) Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

(RHSA-2021:1631) Moderate: python-urllib3 security update

2021-05-18 05:42:27

almalinux

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

Moderate: python-urllib3 security update

2021-05-18 05:42:27

Moderate: python38:3.8 security update

2021-05-18 06:18:31

rocky

python27:2.7 security and bug fix update

2021-05-18 06:02:07

python-urllib3 security update

2021-05-18 05:42:27

python38:3.8 security update

2021-05-18 06:18:31

suse

Security update for python-urllib3 (moderate)

2020-12-13 00:00:00

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)

2021-08-27 00:00:00

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)

2021-08-23 00:00:00

amazon

Medium: python-urllib3

2021-06-16 20:37:00

Medium: python27, python34, python35

2020-11-16 17:59:00

Medium: python

2021-06-16 20:37:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2020-26137]

2024-02-29 20:16:05

Security Bulletin: A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137).

2023-08-21 17:54:57

Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Container and Microsoft File Systems Agents (CVE-2020-26137)

2020-12-04 06:34:59

veracode

Carriage-Return Line-Feed (CRLF) Injection

2020-10-01 01:43:17

CRLF Injection

2020-10-18 01:59:16

redhatcve

CVE-2020-26137

2020-09-29 19:03:30

CVE-2020-26116

2020-10-02 02:06:52

mageia

Updated python-urllib3 packages fix security vulnerability

2021-01-25 18:25:52

Updated python-pip packages fix security vulnerabilities

2021-01-25 18:25:52

cbl_mariner

CVE-2020-26137 affecting package python-urllib3 1.24.2-2

2021-08-11 06:39:25

CVE-2020-26116 affecting package python3 3.7.7-2

2021-07-08 21:56:42

ubuntu

urllib3 vulnerability

2020-10-05 00:00:00

Python vulnerability

2020-10-14 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0332

2020-10-14 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0289

2020-10-14 00:00:00

Important Photon OS Security Update - PHSA-2020-0332

2020-10-14 00:00:00

fedora

[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32

2020-11-17 01:14:12

[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32

2020-10-16 15:21:26

[SECURITY] Fedora 31 Update: python2-2.7.18-6.fc31

2020-10-30 01:15:15

cvelist

CVE-2020-26116

2020-09-27 00:00:00

cloudfoundry

USN-4581-1: Python vulnerability | Cloud Foundry

2020-11-19 00:00:00

hackerone

Ruby: 'net/http': HTTP Header Injection in the set_content_type method

2021-04-19 09:25:39

rosalinux

Advisory ROSA-SA-2023-2203

2023-08-01 12:58:39

debian

[SECURITY] [DLA 3610-1] python-urllib3 security update

2023-10-08 11:06:20

[SECURITY] [DLA 2456-1] python3.5 security update

2020-11-19 03:44:14

gentoo

Python: Multiple vulnerabilities

2021-01-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

7.5

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

Related for CVELIST:CVE-2020-26137