urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

CPENameOperatorVersion
urllib3eq1.0.2
py3-urllib3eq1.25.2-r0
urllib3eq1.25.2
urllib3eq1.25.6
urllib3eq1.7.1
urllib3eq1.8.2
urllib3eq1.25.8
urllib3eq1.9
py3-urllib3eq1.25.1-r0
py3-urllib3eq1.24.1-r1

Name	Operator	Version
urllib3	eq	1.0.2
py3-urllib3	eq	1.25.2-r0
urllib3	eq	1.25.2
urllib3	eq	1.25.6
urllib3	eq	1.7.1
urllib3	eq	1.8.2
urllib3	eq	1.25.8
urllib3	eq	1.9
py3-urllib3	eq	1.25.1-r0
py3-urllib3	eq	1.24.1-r1

Rows per page:

1-10 of 501

References

bugs.python.org/issue39603

github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

github.com/urllib3/urllib3/pull/1800

lists.debian.org/debian-lts-announce/2021/06/msg00015.html

lists.debian.org/debian-lts-announce/2023/10/msg00012.html

usn.ubuntu.com/4570-1/

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

ubuntucve 2

nessus 69

cve 2

nvd 2

cvelist 2

osv 14

prion 2

openvas 41

github 1

f5 2

alpinelinux 1

debiancve 2

centos 1

redhat 7

oraclelinux 4

almalinux 3

rocky 3

amazon 5

ibm 7

suse 6

cbl_mariner 2

mageia 2

ubuntu 2

veracode 2

redhatcve 2

photon 3

cloudfoundry 1

fedora 4

hackerone 1

rosalinux 1

gentoo 1

debian 2

ubuntucve

CVE-2020-26137

2020-09-30 00:00:00

CVE-2020-26116

2020-09-27 00:00:00

nessus

openSUSE 15 Security Update : aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (openSUSE-SU-2021:1206-1)

2021-08-28 00:00:00

EulerOS 2.0 SP9 : python-urllib3 (EulerOS-SA-2021-2541)

2021-09-27 00:00:00

Rocky Linux 8 : python-urllib3 (RLSA-2021:1631)

2023-11-07 00:00:00

cve

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

nvd

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

cvelist

CVE-2020-26137

2020-09-29 00:00:00

CVE-2020-26116

2020-09-27 00:00:00

osv

PYSEC-2020-148

2020-09-30 18:15:00

CRLF injection in urllib3

2021-06-18 18:46:43

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

prion

Crlf injection

2020-09-30 18:15:00

Crlf injection

2020-09-27 04:15:00

openvas

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2541)

2021-09-28 00:00:00

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2565)

2021-09-28 00:00:00

CentOS: Security Advisory for python (CESA-2022:5235)

2022-08-03 00:00:00

github

CRLF injection in urllib3

2021-06-18 18:46:43

K000133547 : Python urllib3 vulnerability CVE-2020-26137

2023-04-18 00:00:00

K000133759 : Python vulnerability CVE-2020-26116

2023-05-08 00:00:00

alpinelinux

CVE-2020-26137

2020-09-30 18:15:26

debiancve

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

centos

python, tkinter security update

2022-08-02 19:15:12

redhat

(RHSA-2022:5235) Moderate: python security update

2022-06-28 07:52:39

(RHSA-2021:1761) Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

(RHSA-2020:4299) Moderate: rh-python38 security, bug fix, and enhancement update

2020-10-20 19:42:54

oraclelinux

python security update

2022-07-02 00:00:00

python27:2.7 security and bug fix update

2021-05-25 00:00:00

python-urllib3 security update

2021-05-25 00:00:00

almalinux

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

Moderate: python-urllib3 security update

2021-05-18 05:42:27

Moderate: python38:3.8 security update

2021-05-18 06:18:31

rocky

python27:2.7 security and bug fix update

2021-05-18 06:02:07

python-urllib3 security update

2021-05-18 05:42:27

python38:3.8 security update

2021-05-18 06:18:31

amazon

Medium: python-urllib3

2021-06-16 20:37:00

Medium: python27, python34, python35

2020-11-16 17:59:00

Medium: python

2021-06-16 20:37:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2020-26137]

2024-02-29 20:30:41

Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Container and Microsoft File Systems Agents (CVE-2020-26137)

2020-12-04 06:34:59

Security Bulletin: A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137).

2023-08-21 17:54:57

suse

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)

2021-08-23 00:00:00

Security update for python-urllib3 (moderate)

2020-12-18 00:00:00

Security update for python-urllib3 (moderate)

2020-12-13 00:00:00

cbl_mariner

CVE-2020-26137 affecting package python-urllib3 1.24.2-2

2021-08-11 06:39:25

CVE-2020-26116 affecting package python3 3.7.7-2

2021-07-08 21:56:42

mageia

Updated python-urllib3 packages fix security vulnerability

2021-01-25 18:25:52

Updated python-pip packages fix security vulnerabilities

2021-01-25 18:25:52

ubuntu

urllib3 vulnerability

2020-10-05 00:00:00

Python vulnerability

2020-10-14 00:00:00

veracode

Carriage-Return Line-Feed (CRLF) Injection

2020-10-01 01:43:17

CRLF Injection

2020-10-18 01:59:16

redhatcve

CVE-2020-26137

2020-09-29 19:03:30

CVE-2020-26116

2020-10-02 02:06:52

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0289

2020-10-14 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0332

2020-10-14 00:00:00

Important Photon OS Security Update - PHSA-2020-0332

2020-10-14 00:00:00

cloudfoundry

USN-4581-1: Python vulnerability | Cloud Foundry

2020-11-19 00:00:00

fedora

[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32

2020-11-17 01:14:12

[SECURITY] Fedora 31 Update: python2-2.7.18-6.fc31

2020-10-30 01:15:15

[SECURITY] Fedora 33 Update: python2.7-2.7.18-6.fc33

2020-10-05 16:36:13

hackerone

Ruby: 'net/http': HTTP Header Injection in the set_content_type method

2021-04-19 09:25:39

rosalinux

Advisory ROSA-SA-2023-2203

2023-08-01 12:58:39

gentoo

Python: Multiple vulnerabilities

2021-01-24 00:00:00

debian

[SECURITY] [DLA 2456-1] python3.5 security update

2020-11-19 03:44:14

[SECURITY] [DLA 3610-1] python-urllib3 security update

2023-10-08 11:06:20

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for OSV:CVE-2020-26137