CVE-2020-26116 log

Source
Severity Medium
Remote Yes
Type Url request injection
Description
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Group Package Affected Fixed Severity Status Ticket
AVG-1597 python2 2.7.18-2 Medium Vulnerable FS#68063
References
https://python-security.readthedocs.io/vuln/http-header-injection-method.html
https://bugs.python.org/issue39603
https://github.com/python/cpython/pull/18485
https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e