urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

CPENameOperatorVersion
urllib3eq1.9
urllib3eq0.3
urllib3eq1.24
urllib3eq1.19.1
urllib3eq1.7.1
urllib3eq1.0.2
urllib3eq1.3
urllib3eq1.14
urllib3eq1.25.6
urllib3eq1.8

Name	Operator	Version
urllib3	eq	1.9
urllib3	eq	0.3
urllib3	eq	1.24
urllib3	eq	1.19.1
urllib3	eq	1.7.1
urllib3	eq	1.0.2
urllib3	eq	1.3
urllib3	eq	1.14
urllib3	eq	1.25.6
urllib3	eq	1.8

Rows per page:

1-10 of 591

References

bugs.python.org/issue39603

github.com/urllib3/urllib3

github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

github.com/urllib3/urllib3/pull/1800

lists.debian.org/debian-lts-announce/2021/06/msg00015.html

lists.debian.org/debian-lts-announce/2023/10/msg00012.html

nvd.nist.gov/vuln/detail/CVE-2020-26137

usn.ubuntu.com/4570-1

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

nessus 69

ubuntucve 2

cve 2

cvelist 2

osv 13

nvd 2

openvas 41

f5 2

alpinelinux 1

debiancve 2

prion 2

github 1

oraclelinux 3

centos 1

redhat 7

rocky 3

almalinux 3

amazon 5

ibm 9

suse 6

redhatcve 2

cbl_mariner 2

mageia 2

ubuntu 2

veracode 2

fedora 4

cloudfoundry 1

photon 3

hackerone 1

rosalinux 1

debian 2

gentoo 1

nessus

openSUSE 15 Security Update : aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (openSUSE-SU-2021:2817-1)

2021-08-24 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : urllib3 vulnerability (USN-4570-1)

2020-10-05 00:00:00

SUSE SLED15 / SLES15 Security Update : aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (SUSE-SU-2021:2817-1)

2021-08-24 00:00:00

ubuntucve

CVE-2020-26137

2020-09-30 00:00:00

CVE-2020-26116

2020-09-27 00:00:00

cve

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

cvelist

CVE-2020-26137

2020-09-29 00:00:00

CVE-2020-26116

2020-09-27 00:00:00

osv

PYSEC-2020-148

2020-09-30 18:15:00

CVE-2020-26137

2020-09-30 18:15:26

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

nvd

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

openvas

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2565)

2021-09-28 00:00:00

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-2541)

2021-09-28 00:00:00

CentOS: Security Advisory for python (CESA-2022:5235)

2022-08-03 00:00:00

K000133547 : Python urllib3 vulnerability CVE-2020-26137

2023-04-18 00:00:00

K000133759 : Python vulnerability CVE-2020-26116

2023-05-08 00:00:00

alpinelinux

CVE-2020-26137

2020-09-30 18:15:26

debiancve

CVE-2020-26137

2020-09-30 18:15:26

CVE-2020-26116

2020-09-27 04:15:11

prion

Crlf injection

2020-09-30 18:15:00

Crlf injection

2020-09-27 04:15:00

github

CRLF injection in urllib3

2021-06-18 18:46:43

oraclelinux

python security update

2022-07-02 00:00:00

python27:2.7 security and bug fix update

2021-05-25 00:00:00

python-urllib3 security update

2021-05-25 00:00:00

centos

python, tkinter security update

2022-08-02 19:15:12

redhat

(RHSA-2022:5235) Moderate: python security update

2022-06-28 07:52:39

(RHSA-2021:1761) Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

(RHSA-2020:4299) Moderate: rh-python38 security, bug fix, and enhancement update

2020-10-20 19:42:54

rocky

python27:2.7 security and bug fix update

2021-05-18 06:02:07

python-urllib3 security update

2021-05-18 05:42:27

python38:3.8 security update

2021-05-18 06:18:31

almalinux

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

Moderate: python-urllib3 security update

2021-05-18 05:42:27

Moderate: python38:3.8 security update

2021-05-18 06:18:31

amazon

Medium: python-urllib3

2021-06-16 20:37:00

Medium: python

2021-06-16 20:37:00

Medium: python27, python34, python35

2020-11-16 17:59:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2020-26137]

2024-02-29 20:30:41

Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Container and Microsoft File Systems Agents (CVE-2020-26137)

2020-12-04 06:34:59

Security Bulletin: A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137).

2023-08-21 17:54:57

suse

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)

2021-08-23 00:00:00

Security update for python-urllib3 (moderate)

2020-12-13 00:00:00

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (moderate)

2021-08-27 00:00:00

redhatcve

CVE-2020-26137

2020-09-29 19:03:30

CVE-2020-26116

2020-10-02 02:06:52

cbl_mariner

CVE-2020-26137 affecting package python-urllib3 1.24.2-2

2021-08-11 06:39:25

CVE-2020-26116 affecting package python3 3.7.7-2

2021-07-08 21:56:42

mageia

Updated python-urllib3 packages fix security vulnerability

2021-01-25 18:25:52

Updated python-pip packages fix security vulnerabilities

2021-01-25 18:25:52

ubuntu

urllib3 vulnerability

2020-10-05 00:00:00

Python vulnerability

2020-10-14 00:00:00

veracode

Carriage-Return Line-Feed (CRLF) Injection

2020-10-01 01:43:17

CRLF Injection

2020-10-18 01:59:16

fedora

[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32

2020-11-17 01:14:12

[SECURITY] Fedora 33 Update: python2.7-2.7.18-6.fc33

2020-10-05 16:36:13

[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32

2020-10-16 15:21:26

cloudfoundry

USN-4581-1: Python vulnerability | Cloud Foundry

2020-11-19 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0289

2020-10-14 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0332

2020-10-14 00:00:00

Important Photon OS Security Update - PHSA-2020-0332

2020-10-14 00:00:00

hackerone

Ruby: 'net/http': HTTP Header Injection in the set_content_type method

2021-04-19 09:25:39

rosalinux

Advisory ROSA-SA-2023-2203

2023-08-01 12:58:39

debian

[SECURITY] [DLA 3610-1] python-urllib3 security update

2023-10-08 11:06:20

[SECURITY] [DLA 2456-1] python3.5 security update

2020-11-19 03:44:14

gentoo

Python: Multiple vulnerabilities

2021-01-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for OSV:GHSA-WQVQ-5M8C-6G24