2 matches found
CVE-2020-26137
CVE-2020-26137 pertains to Python’s urllib3 and is explicitly described as a CRLF injection vulnerability in the HTTP request handling of urllib3/http.client. The connected advisories show affected package and version details: python-urllib3 1.24.2-2 (CBLMariner entry) and a recommended upgrade t...
CVE-2020-7212
CVE-2020-7212 concerns urllib3 for Python (versions 1.25.2–1.25.7) with a Denial of Service risk caused by the _encode_invalid_chars implementation in util/url.py. The issue arises from an inefficient algorithm where the percent_encodings collection can grow O(N) for a URL of length N, and the su...