Lucene search

K
f5F5F5:K000133759
HistoryMay 08, 2023 - 12:00 a.m.

K000133759 : Python vulnerability CVE-2020-26116

2023-05-0800:00:00
my.f5.com
15
python 3.x
crlf injection
http headers
smuggling attack
security advisory

AI Score

7.2

Confidence

High

EPSS

0.004

Percentile

72.3%

Security Advisory Description

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. (CVE-2020-26116)

Impact

An attacker may use this vulnerability to inject additional HTTP headers using the HTTP method, which allows the attacker to perform a smuggling attack and can also allow a client to bypass HTTP headers with security purposes.