CVE-2020-26116

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-26116

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26116.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-26116

Aliases

Downstream

DEBIAN-CVE-2020-26116

DLA-2456-1

DLA-3432-1

RHSA-2020:4273

RHSA-2020:4285

RHSA-2020:4299

RHSA-2021:1633

RHSA-2021:1761

RHSA-2021:1879

RHSA-2021:3366

RHSA-2022:5235

SUSE-SU-2020:14550-1

SUSE-SU-2020:3115-1

SUSE-SU-2020:3121-1

SUSE-SU-2020:3262-1

SUSE-SU-2020:3563-1

SUSE-SU-2020:3930-1

SUSE-SU-2021:0299-1

SUSE-SU-2021:0341-1

SUSE-SU-2021:0342-1

SUSE-SU-2021:0486-1

SUSE-SU-2021:0515-1

UBUNTU-CVE-2020-26116

USN-4581-1

USN-4754-3

USN-6891-1

openSUSE-SU-2020:1859-1

openSUSE-SU-2020:1988-1

openSUSE-SU-2020:2332-1

openSUSE-SU-2020:2333-1

openSUSE-SU-2024:11284-1

openSUSE-SU-2024:11285-1

openSUSE-SU-2024:11551-1

Related

Published

2020-09-27T04:15:11Z

Modified

2025-08-11T14:44:34.234527Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

426b022776672fdf3d71ddd98d89af341c88080f