CVE-2020-26116 - log

CVE-2020-26116 edited at 21 Feb 2021 11:05:51
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Url request injection
Description
+ http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
References
+ https://python-security.readthedocs.io/vuln/http-header-injection-method.html
+ https://bugs.python.org/issue39603
+ https://github.com/python/cpython/pull/18485
+ https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e
CVE-2020-26116 created at 21 Feb 2021 10:59:50
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes