http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-27T00:00:00
Updated: 2023-05-24T00:00:00
Reserved: 2020-09-27T00:00:00
Link: CVE-2020-26116
JSON object: View
NVD Information
Status : Modified
Published: 2020-09-27T04:15:11.587
Modified: 2023-11-07T03:20:30.150
Link: CVE-2020-26116
JSON object: View
Redhat Information
No data.
CWE