CRLF Injection

2020-05-2106:42:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

75.8%

JSON

httplib2 is vulnerable to carriage-return line-feed (CRLF) injection. The vulnerability exists as it fails to restrict the characters , \r, \n in the value of URI.

CPENameOperatorVersion
httplib2le0.17.3
resource-agentseq4.1.1__12.el7_6.13
resource-agentseq4.1.1__30.el7
resource-agentseq3.9.5__40.el7_1.3
resource-agentseq4.1.1__12.el7_6.8
resource-agentseq4.1.1__30.el7_7.2
resource-agentseq4.1.1__12.el7_6.19
resource-agentseq4.1.1__12.el7_6.6
resource-agentseq4.1.1__53.el8
resource-agentseq3.9.5__105.el7_4.13

Name	Operator	Version
httplib2	le	0.17.3
resource-agents	eq	4.1.1__12.el7_6.13
resource-agents	eq	4.1.1__30.el7
resource-agents	eq	3.9.5__40.el7_1.3
resource-agents	eq	4.1.1__12.el7_6.8
resource-agents	eq	4.1.1__30.el7_7.2
resource-agents	eq	4.1.1__12.el7_6.19
resource-agents	eq	4.1.1__12.el7_6.6
resource-agents	eq	4.1.1__53.el8
resource-agents	eq	3.9.5__105.el7_4.13