UBUNTU-CVE-2020-26137

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2020-26137
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-26137.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-26137
Related
Published
2020-09-30T00:00:00Z
Modified
2025-01-13T10:22:17Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

References

Affected packages

Ubuntu:Pro:14.04:LTS / python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip@1.5.4-1ubuntu4+esm5?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.1-2
1.5.4-1
1.5.4-1ubuntu1
1.5.4-1ubuntu3
1.5.4-1ubuntu4
1.5.4-1ubuntu4+esm1
1.5.4-1ubuntu4+esm2
1.5.4-1ubuntu4+esm3
1.5.4-1ubuntu4+esm4
1.5.4-1ubuntu4+esm5

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:14.04:LTS / python-urllib3

Package

Name
python-urllib3
Purl
pkg:deb/ubuntu/python-urllib3@1.7.1-1ubuntu4.1+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6-2
1.7.1-1
1.7.1-1build1
1.7.1-1ubuntu0.1
1.7.1-1ubuntu3
1.7.1-1ubuntu4
1.7.1-1ubuntu4.1
1.7.1-1ubuntu4.1+esm1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:16.04:LTS / python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip@8.1.1-2ubuntu0.6?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.1-2ubuntu0.6

Affected versions

1.*

1.5.6-7ubuntu1
1.5.6-7ubuntu2

8.*

8.0.2-7
8.0.3-1
8.0.3-2
8.1.0-1
8.1.0-2
8.1.1-1
8.1.1-2
8.1.1-2ubuntu0.1
8.1.1-2ubuntu0.2
8.1.1-2ubuntu0.4

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-pip",
            "binary_version": "8.1.1-2ubuntu0.6"
        },
        {
            "binary_name": "python-pip-whl",
            "binary_version": "8.1.1-2ubuntu0.6"
        },
        {
            "binary_name": "python3-pip",
            "binary_version": "8.1.1-2ubuntu0.6"
        }
    ],
    "ubuntu_priority": "medium"
}

Ubuntu:16.04:LTS / python-urllib3

Package

Name
python-urllib3
Purl
pkg:deb/ubuntu/python-urllib3@1.13.1-2ubuntu0.16.04.4?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.1-2ubuntu0.16.04.4

Affected versions

1.*

1.11-1
1.12-1
1.13.1-1
1.13.1-2
1.13.1-2ubuntu0.16.04.1
1.13.1-2ubuntu0.16.04.2
1.13.1-2ubuntu0.16.04.3

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-urllib3",
            "binary_version": "1.13.1-2ubuntu0.16.04.4"
        },
        {
            "binary_name": "python3-urllib3",
            "binary_version": "1.13.1-2ubuntu0.16.04.4"
        }
    ],
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip@9.0.1-2.3~ubuntu1.18.04.3?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.1-2.3~ubuntu1.18.04.3

Affected versions

9.*

9.0.1-2
9.0.1-2.3~ubuntu1
9.0.1-2.3~ubuntu1.18.04.1
9.0.1-2.3~ubuntu1.18.04.2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-pip",
            "binary_version": "9.0.1-2.3~ubuntu1.18.04.3"
        },
        {
            "binary_name": "python-pip-whl",
            "binary_version": "9.0.1-2.3~ubuntu1.18.04.3"
        },
        {
            "binary_name": "python3-pip",
            "binary_version": "9.0.1-2.3~ubuntu1.18.04.3"
        }
    ],
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / python-urllib3

Package

Name
python-urllib3
Purl
pkg:deb/ubuntu/python-urllib3@1.22-1ubuntu0.18.04.2?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22-1ubuntu0.18.04.2

Affected versions

1.*

1.21.1-1
1.22-1
1.22-1ubuntu0.18.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-urllib3",
            "binary_version": "1.22-1ubuntu0.18.04.2"
        },
        {
            "binary_name": "python3-urllib3",
            "binary_version": "1.22-1ubuntu0.18.04.2"
        }
    ],
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip@20.0.2-5ubuntu1.1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.0.2-5ubuntu1.1

Affected versions

18.*

18.1-5
18.1-5build1
18.1-5ubuntu1

20.*

20.0.2-2
20.0.2-4
20.0.2-5
20.0.2-5ubuntu1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-pip-whl",
            "binary_version": "20.0.2-5ubuntu1.1"
        },
        {
            "binary_name": "python3-pip",
            "binary_version": "20.0.2-5ubuntu1.1"
        }
    ],
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / python-urllib3

Package

Name
python-urllib3
Purl
pkg:deb/ubuntu/python-urllib3@1.25.8-2ubuntu0.1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.25.8-2ubuntu0.1

Affected versions

1.*

1.24.1-1ubuntu1
1.24.1-1ubuntu2
1.25.8-1
1.25.8-2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python3-urllib3",
            "binary_version": "1.25.8-2ubuntu0.1"
        }
    ],
    "ubuntu_priority": "medium"
}