6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.3%
In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter.
lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
access.redhat.com/errata/RHSA-2019:2272
access.redhat.com/errata/RHSA-2019:3335
access.redhat.com/errata/RHSA-2019:3590
github.com/advisories/GHSA-r64q-w8jr-g9qp
github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
github.com/urllib3/urllib3
github.com/urllib3/urllib3/issues/1553
lists.debian.org/debian-lts-announce/2019/06/msg00016.html
lists.debian.org/debian-lts-announce/2021/06/msg00015.html
lists.debian.org/debian-lts-announce/2023/10/msg00012.html
lists.fedoraproject.org/archives/list/[email protected]/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
lists.fedoraproject.org/archives/list/[email protected]/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
lists.fedoraproject.org/archives/list/[email protected]/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
lists.fedoraproject.org/archives/list/[email protected]/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
nvd.nist.gov/vuln/detail/CVE-2019-11236
usn.ubuntu.com/3990-1
usn.ubuntu.com/3990-2
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.3%