CVE-2020-26116

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-26116
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26116.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-26116
Aliases
Downstream
Related
Published
2020-09-27T04:15:11Z
Modified
2025-08-11T14:44:34.234527Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed