CVE-2020-7695

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7695

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7695.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7695

Aliases

GHSA-f97h-2pfx-f59f
PYSEC-2020-151
SNYK-PYTHON-UVICORN-570471

Related

SNYK-PYTHON-UVICORN-570471
UBUNTU-CVE-2020-7695

Published

2020-07-27T12:15:11Z

Modified

2025-01-08T07:33:44.420942Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.

References

Affected packages

Debian:11 / python-uvicorn

Package

Name: python-uvicorn
Purl: pkg:deb/debian/python-uvicorn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.13.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-uvicorn

Package

Name: python-uvicorn
Purl: pkg:deb/debian/python-uvicorn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.13.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-uvicorn

Package

Name: python-uvicorn
Purl: pkg:deb/debian/python-uvicorn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.13.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/encode/uvicorn

Affected ranges

Type: GIT
Repo: https://github.com/encode/uvicorn
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

178bee6ef51c79b296ca70a467f00da20dfae712

Affected versions

0.*

0.0.1

0.0.10

0.0.11

0.0.12

0.0.13

0.0.14

0.0.15

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.10.7

0.10.8

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

0.11.5

0.11.6

0.2.0

0.2.1

0.2.10

0.2.11

0.2.12

0.2.13

0.2.14

0.2.15

0.2.16

0.2.17

0.2.18

0.2.19

0.2.2

0.2.20

0.2.21

0.2.22

0.2.3

0.2.4

0.2.5

0.2.6

0.2.8

0.2.9

0.3.0

0.3.1

0.3.10

0.3.11

0.3.12

0.3.13

0.3.14

0.3.15

0.3.16

0.3.17

0.3.18

0.3.19

0.3.2

0.3.20

0.3.21

0.3.22

0.3.23

0.3.24

0.3.25

0.3.26

0.3.27

0.3.28

0.3.29

0.3.3

0.3.30

0.3.31

0.3.32

0.3.4

0.3.5

0.3.6

0.3.7

0.3.8

0.3.9

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.5.0

0.5.1

0.5.2

0.6.0

0.6.1

0.7.0

0.7.0.b1

0.7.0.b2

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6

0.9.0

0.9.1