—

PYSEC-2020-148

상세

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / urllib3

최초 영향 버전: 0 수정 버전: 1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

수정 pip install --upgrade 'urllib3>=1dd69c5c5982fae7c87a620d487c2ebf7a6b436b'

참고

https://bugs.python.org/issue39603 [WEB]
https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b [FIX]
https://github.com/urllib3/urllib3/pull/1800 [WEB]
https://usn.ubuntu.com/4570-1/ [WEB]
https://github.com/advisories/GHSA-wqvq-5m8c-6g24 [ADVISORY]