127 matches found
CentOS 8 : python38:3.8 (CESA-2021:1879)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1879 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-lxml: mXSS due to the use of improper parser...
python-urllib3: CRLF injection via HTTP request method
A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...
python: CRLF injection via HTTP request method in httplib/http.client
A flaw was found in Python. The built-in modules httplib and http.client, included in Python 2 and Python 3 respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat fr...
python38:3.8 security update
An update is available for python-psycopg2, python-PyMySQL, python-lxml, python3x-six, python-urllib3, PyYAML, python-jinja2, python-requests, modwsgi, python38, python-asn1crypto, python3x-pip, python-chardet, python-markupsafe, Cython, python-psutil, python-ply, babel, python-wheel,...
USN-4754-3 python2.7, python3.7, python3.8 vulnerabilities
USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of Python 2.7 for 20.04, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service resource...
GitHub Security Lab: [Java] CWE-598: Use of GET Request Method with Sensitive Query Strings
This bug was reported directly to GitHub Security Lab...
Cross-site Request Forgery (CSRF)
cakephp/cakephp is vulnerable to cross-site request forgery. The vulnerability exists because the CsrfProtectionMiddleware component can be bypassed: changing the HTTP request method to an arbitrary string that is not in its list of request methods...
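The bypass in that entry comes down to which side of the check carries the list of methods. The sketch below is an added Python illustration, not CakePHP code: it contrasts a check that only verifies verbs on a denylist with one that only skips verbs on a safe-method allowlist. The function names, the token comparison and the idea that an unknown verb still reaches a state-changing handler are assumptions made for the example.

```python
import hmac

# Verbs a CSRF check may legitimately skip (RFC 7231 safe methods).
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
# Verbs a denylist-style check looks for; anything else falls through.
UNSAFE_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})


def _tokens_match(cookie_token, form_token):
    """Constant-time comparison of the cookie token and the submitted token.
    A missing token on either side is a failure, never a pass."""
    if cookie_token is None or form_token is None:
        return False
    return hmac.compare_digest(cookie_token, form_token)


def csrf_ok_denylist(method, cookie_token, form_token):
    """Shape of the flawed check: verify only when the verb is on the unsafe
    list. A request whose method is an arbitrary string such as 'PAYLOAD'
    is not on the list and skips verification entirely."""
    if method.upper() in UNSAFE_METHODS:
        return _tokens_match(cookie_token, form_token)
    return True


def csrf_ok_allowlist(method, cookie_token, form_token):
    """Hardened check: skip verification only for the safe verbs. Every other
    method, known or invented, must present a matching token."""
    if method.upper() in SAFE_METHODS:
        return True
    return _tokens_match(cookie_token, form_token)


if __name__ == "__main__":
    # Constructed request: no token at all, made-up verb.
    print("denylist check passes 'PAYLOAD' with no token:", csrf_ok_denylist("PAYLOAD", None, None))
    print("allowlist check passes 'PAYLOAD' with no token:", csrf_ok_allowlist("PAYLOAD", None, None))
```

Whether an unlisted verb is routed to the same handler as POST depends on the framework; the point of the allowlist shape is that the CSRF check no longer has to know.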
Updated python-urllib3 packages fix security vulnerability
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest CVE-2020-26137...
Updated python-pip packages fix security vulnerabilities
It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possibly use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack CVE-2019-20916. urllib3 before 1.25.9 allows CRLF...
PT-2021-14881 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.7 and later Description: An attacker could cause a denial of service in GitLab by sending an HTTP request with a method that is malformed. Recommendations: For GitLab versions 13.7 and later, update to a version that includ...
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
...
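The python and python-urllib3 entries above all describe the same defect: the string passed as the HTTP method is interpolated straight into the request line, so a value containing CR and LF becomes extra header lines on the wire. The block below is an added Python example, not code from CPython, urllib3 or any of the advisories. It builds a request head the way the unpatched code did, shows what a server would parse out of it, builds the same request with a token check of the kind the fixes added, and probes whether the interpreter it runs on rejects control characters in putrequest() (putrequest only buffers the request line, so no connection is opened). The injected value, the hostname and the function names are constructed for the example.

```python
import re
from http.client import HTTPConnection

# Constructed attacker-controlled value for the "method" argument: a real verb,
# then CRLF and an extra header line. Unpatched http.client/urllib3 wrote it
# into the request line unchanged, so the server saw an additional header.
INJECTED_METHOD = "GET\r\nX-Injected: 1"

# RFC 7230 'token' characters, the only ones a request method may contain.
# fullmatch() is used rather than match() with '$', which would still accept
# a trailing '\n'.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def build_request_unchecked(method, path, headers):
    """Mirror the pre-fix behaviour: interpolate the method with no validation.
    Returns the request head as it would be written to the socket."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines.extend(f"{name}: {value}" for name, value in headers.items())
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def build_request_checked(method, path, headers):
    """Hardened builder: reject any method that is not an RFC 7230 token,
    which rules out CR, LF and every other control character."""
    if not _TOKEN_RE.fullmatch(method):
        raise ValueError(f"method contains disallowed characters: {method!r}")
    return build_request_unchecked(method, path, headers)


def rejects_method(method):
    """True if the hardened builder refuses this method string."""
    try:
        build_request_checked(method, "/", {"Host": "example.test"})
    except ValueError:
        return True
    return False


def header_names(raw):
    """Parse a request head the way a naive server would: every line after the
    first CRLF, up to the blank line, is a header line."""
    head = raw.decode("ascii").split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def python_validates_method():
    """Probe the running interpreter's http.client. Patched versions raise
    ValueError for control characters in the method; unpatched versions
    accept the CRLF and buffer it for sending."""
    conn = HTTPConnection("localhost")
    try:
        conn.putrequest(INJECTED_METHOD, "/")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    raw = build_request_unchecked(INJECTED_METHOD, "/", {"Host": "example.test"})
    print(raw)
    print("headers seen by a naive parser:", header_names(raw))
    print("hardened builder rejects the method:", rejects_method(INJECTED_METHOD))
    print("this interpreter's http.client validates methods:", python_validates_method())
```

The practical check on a fleet is the last function: run it under each Python the application uses, since a patched OS package and an unpatched virtualenv interpreter can sit side by side on the same host.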
Debian DLA-2456-1 : python3.5 security update
Multiple security issues were discovered in Python. CVE-2019-20907: In Lib/tarfile.py, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVE-2020-26116: http.client allows CRLF injection if the attacker contro...
EulerOS 2.0 SP9 : python3 (EulerOS-SA-2020-2437)
According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...
SUSE-SU-2020:3121-1 Security update for python
This update for python fixes the following issues: - CVE-2020-26116: Fixed CRLF injection via HTTP request method bsc1177211...
Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update
An update for python27-python, python27-python-pip, and python27-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
Moderate: Red Hat Security Advisory: rh-python36 security, bug fix, and enhancement update
An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives...
Fedora 32 : python27 (2020-887d3fa26f)
CVE-2020-26116: HTTP request method CRLF injection in httplib Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 32 : python34 (2020-d30881c970)
CVE-2019-20907: Avoid infinite loop in the tarfile module - CVE-2020-14422: Resolve hash collisions for IPv4Interface and IPv6Interface - CVE-2020-26116: HTTP request method CRLF injection in httplib This update brings Fedora 32's python34 in sync with the EPEL7 package. Note that Tenable Network...