urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

OSVersionArchitecturePackageVersionFilename
Debian12allpython-urllib3< 1.25.9-1python-urllib3_1.25.9-1_all.deb
Debian11allpython-urllib3< 1.25.9-1python-urllib3_1.25.9-1_all.deb
Debian10allpython-urllib3< 1.24.1-1+deb10u1python-urllib3_1.24.1-1+deb10u1_all.deb
Debian999allpython-urllib3< 1.25.9-1python-urllib3_1.25.9-1_all.deb
Debian13allpython-urllib3< 1.25.9-1python-urllib3_1.25.9-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	python-urllib3	< 1.25.9-1	python-urllib3_1.25.9-1_all.deb
Debian	11	all	python-urllib3	< 1.25.9-1	python-urllib3_1.25.9-1_all.deb
Debian	10	all	python-urllib3	< 1.24.1-1+deb10u1	python-urllib3_1.24.1-1+deb10u1_all.deb
Debian	999	all	python-urllib3	< 1.25.9-1	python-urllib3_1.25.9-1_all.deb
Debian	13	all	python-urllib3	< 1.25.9-1	python-urllib3_1.25.9-1_all.deb

nessus 70

openvas 42

prion 2

github 1

f5 2

osv 15

alpinelinux 1

ubuntucve 2

cve 2

oraclelinux 4

centos 1

redhat 7

almalinux 3

rocky 3

suse 6

veracode 2

ibm 9

amazon 5

redhatcve 2

fedora 4

debiancve 1

mageia 2

ubuntu 2

cbl_mariner 2

photon 3

cloudfoundry 1

hackerone 1

rosalinux 1

debian 2

gentoo 1

nessus

openSUSE 15 Security Update : aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (openSUSE-SU-2021:2817-1)

2021-08-24 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : urllib3 vulnerability (USN-4570-1)

2020-10-05 00:00:00

SUSE SLED15 / SLES15 Security Update : aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (SUSE-SU-2021:2817-1)

2021-08-24 00:00:00

openvas

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2565)

2021-09-28 00:00:00

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2541)

2021-09-28 00:00:00

CentOS: Security Advisory for python (CESA-2022:5235)

2022-08-03 00:00:00

prion

Crlf injection

2020-09-30 18:15:00

Crlf injection

2020-09-27 04:15:00

github

CRLF injection in urllib3

2021-06-18 18:46:43

K000133547 : Python urllib3 vulnerability CVE-2020-26137

2023-04-18 00:00:00

K000133759 : Python vulnerability CVE-2020-26116

2023-05-08 00:00:00

osv

CVE-2020-26137

2020-09-30 18:15:26

PYSEC-2020-148

2020-09-30 18:15:00

CRLF injection in urllib3

2021-06-18 18:46:43

alpinelinux

CVE-2020-26137

2020-09-30 18:15:00

ubuntucve

CVE-2020-26137

2020-09-30 00:00:00

CVE-2020-26116

2020-09-27 00:00:00

cve

CVE-2020-26137

2020-09-30 18:15:00

CVE-2020-26116

2020-09-27 04:15:00

oraclelinux

python security update

2022-07-02 00:00:00

python27:2.7 security and bug fix update

2021-05-25 00:00:00

python-urllib3 security update

2021-05-25 00:00:00

centos

python, tkinter security update

2022-08-02 19:15:12

redhat

(RHSA-2022:5235) Moderate: python security update

2022-06-28 07:52:39

(RHSA-2021:1761) Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

(RHSA-2021:1631) Moderate: python-urllib3 security update

2021-05-18 05:42:27

almalinux

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

Moderate: python-urllib3 security update

2021-05-18 05:42:27

Moderate: python38:3.8 security update

2021-05-18 06:18:31

rocky

python27:2.7 security and bug fix update

2021-05-18 06:02:07

python-urllib3 security update

2021-05-18 05:42:27

python38:3.8 security update

2021-05-18 06:18:31

suse

Security update for python-urllib3 (moderate)

2020-12-13 00:00:00

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)

2021-08-27 00:00:00

Security update for python-urllib3 (moderate)

2020-12-18 00:00:00

veracode

Carriage-Return Line-Feed (CRLF) Injection

2020-10-01 01:43:17

CRLF Injection

2020-10-18 01:59:16

ibm

Security Bulletin: A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137).

2023-08-21 17:54:57

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2020-26137]

2024-02-29 20:30:41

Security Bulletin: Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-26116)

2021-04-12 12:07:52

amazon

Medium: python-urllib3

2021-06-16 20:37:00

Medium: python27, python34, python35

2020-11-16 17:59:00

Medium: python

2021-06-16 20:37:00

redhatcve

CVE-2020-26137

2020-09-29 19:03:30

CVE-2020-26116

2020-10-02 02:06:52

fedora

[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32

2020-11-17 01:14:12

[SECURITY] Fedora 31 Update: python2-2.7.18-6.fc31

2020-10-30 01:15:15

[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32

2020-10-16 15:21:26

debiancve

CVE-2020-26116

2020-09-27 04:15:00

mageia

Updated python-urllib3 packages fix security vulnerability

2021-01-25 18:25:52

Updated python-pip packages fix security vulnerabilities

2021-01-25 18:25:52

ubuntu

urllib3 vulnerability

2020-10-05 00:00:00

Python vulnerability

2020-10-14 00:00:00

cbl_mariner

CVE-2020-26137 affecting package python-urllib3 1.24.2-2

2021-08-11 06:39:25

CVE-2020-26116 affecting package python3 3.7.7-2

2021-07-08 21:56:42

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0332

2020-10-14 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0289

2020-10-14 00:00:00

Important Photon OS Security Update - PHSA-2020-0332

2020-10-14 00:00:00

cloudfoundry

USN-4581-1: Python vulnerability | Cloud Foundry

2020-11-19 00:00:00

hackerone

Ruby: 'net/http': HTTP Header Injection in the set_content_type method

2021-04-19 09:25:39

rosalinux

Advisory ROSA-SA-2023-2203

2023-08-01 12:58:39

debian

[SECURITY] [DLA 3610-1] python-urllib3 security update

2023-10-08 11:06:20

[SECURITY] [DLA 2456-1] python3.5 security update

2020-11-19 03:44:14

gentoo

Python: Multiple vulnerabilities

2021-01-24 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for DEBIANCVE:CVE-2020-26137