Lucene search

K
osvGoogleOSV:GHSA-WQVQ-5M8C-6G24
HistoryJun 18, 2021 - 6:46 p.m.

CRLF injection in urllib3

2021-06-1818:46:43
Google
osv.dev
68
urllib3
crlf injection
http request

AI Score

7.3

Confidence

High

EPSS

0.007

Percentile

79.9%

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.