VYPR
Unrated severityNVD Advisory· Published Sep 27, 2020· Updated Aug 4, 2024

CVE-2020-26116

CVE-2020-26116

Description

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

144

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.