Lucene search

[email protected]NVD:CVE-2020-26116

HistorySep 27, 2020 - 4:15 a.m.

CVE-2020-26116

2020-09-2704:15:11

CWE-74

[email protected]

web.nvd.nist.gov

python

crlf injection

httpconnection

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS

0.004

Percentile

72.3%

JSON

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Affected configurations

Nvd

Node

pythonpythonRange3.0.0–3.5.10

pythonpythonRange3.6.0–3.6.12

pythonpythonRange3.7.0–3.7.9

pythonpythonRange3.8.0–3.8.5

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

Node

netappsolidfireMatch-

netapphci_compute_nodeMatch-

netapphci_storage_nodeMatch-

Node

debiandebian_linuxMatch9.0

Node

oraclezfs_storage_appliance_kitMatch8.8

Node

opensuseleapMatch15.1

VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netapphci_compute_node-cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python	python	*	cpe:2.3:a:python:python::::::::
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*
netapp	hci_compute_node	-	cpe:2.3:h:netapp:hci_compute_node:-:::::::*