CVE-2020-26116 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Url request injection
Description	http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1597	python2	2.7.18-2	2.7.18-3	High	Fixed	FS#68063

Date	Advisory	Group	Package	Severity	Type
25 Mar 2021	ASA-202103-27	AVG-1597	python2	High	multiple issues

References
https://python-security.readthedocs.io/vuln/http-header-injection-method.html https://bugs.python.org/issue39603 https://github.com/python/cpython/pull/18485 https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e

References

https://python-security.readthedocs.io/vuln/http-header-injection-method.html
https://bugs.python.org/issue39603
https://github.com/python/cpython/pull/18485
https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e