Lucene search

K
redhatcveRedhat.comRH:CVE-2019-18348
HistoryOct 23, 2019 - 7:51 p.m.

CVE-2019-18348

2019-10-2319:51:12
redhat.com
access.redhat.com
31

EPSS

0.003

Percentile

68.8%

A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection (e.g. through urlopen() or HTTPConnection). An attacker who can control the url parameter passed to urlopen method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by abusing the β€œhost” part of the URL.