CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

urllib3 is vulnerable to CRLF injection. It does not escape CRLF characters injected into the request parameter, so an attacker who controls that parameter can manipulate the HTTP headers.
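
The effect described above, next to one way to neutralise it, as an added example that is not urllib3's code or its actual fix. The builder functions, the host name and the sample target are constructed for illustration, and percent-encoding the request target is an assumed mitigation.

```python
import re

# Characters that must never appear raw in an HTTP request target:
# C0 controls (including CR and LF), space, and DEL.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")


def naive_request_head(host: str, target: str) -> str:
    """Behaviour the advisory describes: the target is copied in verbatim."""
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def encode_target(target: str) -> str:
    """Percent-encode every unsafe character so it stays inside the request line."""
    return _UNSAFE.sub(lambda m: f"%{ord(m.group()):02X}", target)


def safe_request_head(host: str, target: str, reject: bool = False) -> str:
    """Hardened builder: refuse unsafe input, or neutralise it by encoding."""
    if _UNSAFE.search(host):
        raise ValueError("control character or whitespace in host")
    if reject and _UNSAFE.search(target):
        raise ValueError("control character or whitespace in request target")
    return naive_request_head(host, encode_target(target))


def header_names(head: str) -> list:
    """Header names a server would parse from the head (request line excluded)."""
    lines = head.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    return [line.split(":", 1)[0] for line in lines]


# Constructed sample input: a query parameter value carrying CR LF.
SAMPLE_TARGET = "/search?q=test\r\nX-Constructed-Header: 1"

if __name__ == "__main__":
    # The naive head gains a header the caller never set; the hardened one does not.
    print(header_names(naive_request_head("example.test", SAMPLE_TARGET)))
    print(header_names(safe_request_head("example.test", SAMPLE_TARGET)))
```

The same `_UNSAFE` pattern can be applied as an input check at the point where user-supplied values are assembled into a URL, before the URL reaches any HTTP client.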
lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
access.redhat.com/errata/RHSA-2019:2272
access.redhat.com/errata/RHSA-2019:3335
access.redhat.com/errata/RHSA-2019:3590
bugs.python.org/issue36276#msg337837
github.com/urllib3/urllib3/commit/0aa3e24fcd75f1bb59ab159e9f8adb44055b2271
github.com/urllib3/urllib3/issues/1553
github.com/urllib3/urllib3/pull/1487
lists.debian.org/debian-lts-announce/2019/06/msg00016.html
lists.debian.org/debian-lts-announce/2021/06/msg00015.html
lists.fedoraproject.org/archives/list/[email protected]/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
lists.fedoraproject.org/archives/list/[email protected]/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
lists.fedoraproject.org/archives/list/[email protected]/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
lists.fedoraproject.org/archives/list/[email protected]/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
usn.ubuntu.com/3990-1/
usn.ubuntu.com/3990-2/