Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:26176
HistoryAug 06, 2020 - 9:34 p.m.

CRLF Injection

2020-08-0621:34:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1419

EPSS

0.004

Percentile

72.0%

urllib2 in python2 is vulnerable to CRLF injection. The vulnerability exists if an attacker controls a URL parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This vulnerability is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue.

References