VYPR
Moderate severityNVD Advisory· Published Sep 29, 2020· Updated Aug 4, 2024

CVE-2020-26137

CVE-2020-26137

Description

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
urllib3PyPI
< 1.25.91.25.9

Affected products

374

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.