—
PYSEC-2019-132
Details
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/urllib3/urllib3/issues/1553 [REPORT]
- https://usn.ubuntu.com/3990-1/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/ [WEB]
- https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html [WEB]
- https://usn.ubuntu.com/3990-2/ [WEB]
- https://access.redhat.com/errata/RHSA-2019:2272 [ADVISORY]
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html [WEB]
- https://access.redhat.com/errata/RHSA-2019:3335 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2019:3590 [ADVISORY]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/ [WEB]
- https://github.com/advisories/GHSA-r64q-w8jr-g9qp [ADVISORY]