Description

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Remediation

References

CVE-2020-26116

Related Vulnerabilities

WordPress Plugin WP eCommerce SQL Injection (3.11.3)

Internet Information Services Other Vulnerability (CVE-2001-0709)

WordPress Plugin Redirection Cross-Site Request Forgery (1.1.3)

Joomla! Core 3.x.x Denial of Service (3.0.0 - 3.2.5)

WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (7.8)

Severity

High

Classification

CVE-2020-26116 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities