Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 749336 (CVE-2020-26137)

Summary: <dev-python/urllib3-1.25.9: CRLF injection (CVE-2020-26137)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.python.org/issue39603
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-15 18:16:30 UTC
CVE-2020-26137:

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Maintainers, please cleanup.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-12-23 01:03:05 UTC
GLSA Vote: No

Repository is clean, all done!