CVE-2020-26137

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-26137

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26137.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-26137

Aliases

Related

Published

2020-09-30T18:15:26Z

Modified

2024-09-11T04:37:39.123361Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

References

Affected packages

Alpine:v3.13 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Alpine:v3.14 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Alpine:v3.15 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Alpine:v3.16 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Alpine:v3.17 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Alpine:v3.18 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Alpine:v3.19 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Alpine:v3.20 / py3-urllib3

Package

Name: py3-urllib3
Purl: pkg:apk/alpine/py3-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-r0

Affected versions

1.*

1.18-r0

1.21.1-r0

1.22-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.25.1-r0

1.25.2-r0

1.25.3-r0

1.25.5-r0

1.25.6-r0

1.25.6-r1

1.25.7-r0

1.25.7-r1

1.25.8-r0

Debian:11 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:deb/debian/python-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:deb/debian/python-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:deb/debian/python-urllib3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/urllib3/urllib3

Affected ranges

Type: GIT
Repo: https://github.com/urllib3/urllib3
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

Affected versions

0.*

0.3

0.3.1

0.4

0.4.1

1.*

1.0

1.0.1

1.0.2

1.1

1.10

1.10.1

1.10.2

1.2

1.2.1

1.25

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.25.6

1.25.7

1.25.8

1.3

1.4

1.5

1.6

1.7

1.7.1

1.8

1.8.1

1.8.2

1.8.3

1.9

1.9.1