Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2019-11236HistoryApr 15, 2019 - 3:29 p.m.
CVE-2019-11236
2019-04-1515:29:00
Debian Security Bug Tracker
security-tracker.debian.org
16
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.004 Low
EPSS
Percentile
74.8%
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | python-urllib3 | < 1.25.6-4 | python-urllib3_1.25.6-4_all.deb |
| Debian | 11 | all | python-urllib3 | < 1.25.6-4 | python-urllib3_1.25.6-4_all.deb |
| Debian | 999 | all | python-urllib3 | < 1.25.6-4 | python-urllib3_1.25.6-4_all.deb |
| Debian | 13 | all | python-urllib3 | < 1.25.6-4 | python-urllib3_1.25.6-4_all.deb |
Related
amazon
amazon
Medium: python-urllib3
2019-07-17 23:24:00
Medium: python-pip
2020-02-04 22:44:00
Medium: python-pip
2020-02-05 16:26:00
nessus
nessus
Debian DLA-1828-1 : python-urllib3 security update
2019-06-21 00:00:00
EulerOS Virtualization 3.0.2.2 : python-urllib3 (EulerOS-SA-2020-1277)
2020-03-20 00:00:00
EulerOS 2.0 SP5 : python-urllib3 (EulerOS-SA-2019-2184)
2019-11-08 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2019-2184)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2019-0259)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-3990-2)
2022-08-26 00:00:00
ubuntu
ubuntu
urllib3 vulnerability
2019-07-29 00:00:00
urllib3 vulnerabilities
2019-05-21 00:00:00
debian
debian
[SECURITY] [DLA 1828-1] python-urllib3 security update
2019-06-20 11:32:24
[SECURITY] [DLA 2686-1] python-urllib3 security update
2021-06-15 18:34:44
[SECURITY] [DLA 3610-1] python-urllib3 security update
2023-10-08 11:06:20
github
github
Improper Neutralization of CRLF Sequences in urllib3 library for Python
2022-05-13 01:09:23
ibm
ibm
osv
osv
PYSEC-2019-132
2019-04-15 15:29:00
python-urllib3 - security update
2019-06-19 00:00:00
Improper Neutralization of CRLF Sequences in urllib3 library for Python
2022-05-13 01:09:23
cvelist
cvelist
CVE-2019-11236
2019-04-15 00:00:00
veracode
veracode
Carriage Return Line Feed (CRLF) Injection
2019-04-16 03:25:10
cbl_mariner
cbl_mariner
CVE-2019-11236 affecting package python-urllib3 1.24.2-2
2021-08-11 06:39:25
f5
f5
K000135001 : Python URLlib3 vulnerability CVE-2019-11236
2023-06-12 00:00:00
mageia
mageia
Updated python-urllib3 packages fix security vulnerability
2019-09-07 00:09:08
Updated python-pip packages fix security vulnerabilities
2020-01-28 14:32:54
Updated python-urllib3 packages fix security vulnerability
2019-09-07 00:09:08
redhatcve
redhatcve
CVE-2019-11236
2021-07-25 09:09:28
nvd
nvd
CVE-2019-11236
2019-04-15 15:29:00
cve
cve
CVE-2019-11236
2019-04-15 15:29:00
prion
prion
Crlf injection
2019-04-15 15:29:00
fedora
fedora
[SECURITY] Fedora 30 Update: python-urllib3-1.24.3-1.fc30
2019-06-12 14:48:30
[SECURITY] Fedora 30 Update: python-pip-19.0.3-6.fc30
2020-01-20 03:19:41
[SECURITY] Fedora 31 Update: python-pip-19.1.1-7.fc31
2020-01-08 11:55:39
oraclelinux
oraclelinux
python-urllib3 security update
2019-08-13 00:00:00
python-virtualenv security update
2020-05-19 00:00:00
python-virtualenv security update
2020-03-18 00:00:00
redhat
redhat
(RHSA-2019:2272) Moderate: python-urllib3 security update
2019-08-06 08:19:27
(RHSA-2019:3590) Moderate: python-urllib3 security update
2019-11-05 18:04:56
(RHSA-2020:2081) Moderate: python-virtualenv security update
2020-05-12 14:03:20
centos
centos
python security update
2019-08-30 04:04:34
python security update
2020-03-25 19:10:05
python3 security update
2020-03-18 19:33:57
freebsd
freebsd
urllib3 -- multiple vulnerabilities
2018-12-11 00:00:00
ubuntucve
ubuntucve
CVE-2019-11236
2019-04-15 00:00:00
suse
suse
Security update for python-urllib3 (moderate)
2019-09-15 00:00:00
Security update for python-urllib3 (moderate)
2019-09-14 00:00:00
almalinux
almalinux
Moderate: python27:2.7 security, bug fix, and enhancement update
2020-04-28 08:55:59
Moderate: python27:2.7 security and bug fix update
2019-11-05 17:32:12
photon
photon
Important Photon OS Security Update - PHSA-2021-0246
2021-06-02 00:00:00
Critical Photon OS Security Update - PHSA-2021-0442
2021-10-13 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0246
2021-06-02 00:00:00
rocky
rocky
python27:2.7 security and bug fix update
2019-11-05 17:32:12
python27:2.7 security, bug fix, and enhancement update
2020-04-28 08:55:59
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.004 Low
EPSS
Percentile
74.8%
Related for DEBIANCVE:CVE-2019-11236