urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (CVE-2020-26137).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | python-urllib3 | < 1.24.3-1.2 | python-urllib3-1.24.3-1.2.mga7 |