http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
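A defensive check for the issue described above, as an added example that is not part of the original advisory or of CPython's own code. It validates the method before it reaches `HTTPConnection.request` and probes offline whether the running interpreter already rejects control characters. The names `is_valid_method`, `safe_request`, `stdlib_rejects_control_chars` and the host `host.invalid` are assumptions made for illustration, and the token check is deliberately stricter than only rejecting CR and LF.

```python
import http.client
import re

# RFC 7230 "token": the only characters a request method may contain.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def is_valid_method(method):
    """True if method is a plain token: no CR, LF, space or other control bytes."""
    # fullmatch, not match with "$": "$" would accept a trailing "\n".
    return isinstance(method, str) and _TOKEN.fullmatch(method) is not None


def safe_request(conn, method, url, body=None, headers=None):
    """Validate the method, then hand it to HTTPConnection.request."""
    if not is_valid_method(method):
        raise ValueError("refusing HTTP method with non-token characters: %r" % (method,))
    return conn.request(method, url, body=body, headers=headers or {})


def stdlib_rejects_control_chars():
    """Offline probe: does this interpreter's http.client refuse CR/LF in the method?

    putrequest() only buffers the request line; no socket is opened, so
    nothing leaves the host. Interpreters that reject control characters
    in the method raise ValueError here.
    """
    conn = http.client.HTTPConnection("host.invalid")  # placeholder host, never contacted
    try:
        # Constructed method value containing CR and LF, as in the description.
        conn.putrequest("GET\r\nX-Constructed: 1", "/")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("stdlib rejects control characters:", stdlib_rejects_control_chars())
    for candidate in ("GET", "M-SEARCH", "GET\n", "GET\r\nX-Constructed: 1"):
        print(repr(candidate), "->", is_valid_method(candidate))
```

Keep the `safe_request` wrapper in place wherever the method can come from untrusted input, even on interpreters where the probe returns `True`.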
References:
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html
https://bugs.python.org/issue39603
https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html
https://python-security.readthedocs.io/vuln/http-header-injection-method.html
https://security.gentoo.org/glsa/202101-18
Source: MITRE
Published: 2020-09-27
Updated: 2021-01-26
Type: CWE-116
CVSS v2
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 3.9
Severity: HIGH
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
148008 | Ubuntu 18.04 LTS / 20.04 LTS : Python vulnerabilities (USN-4754-3) | Nessus | Ubuntu Local Security Checks | high |
147696 | EulerOS : python3 (EulerOS-SA-2021-1649) | Nessus | Huawei Local Security Checks | high |
147485 | EulerOS : python3 (EulerOS-SA-2021-1623) | Nessus | Huawei Local Security Checks | high |
147474 | EulerOS Virtualization 3.0.2.6 : python (EulerOS-SA-2021-1449) | Nessus | Huawei Local Security Checks | medium |
147120 | EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2021-1560) | Nessus | Huawei Local Security Checks | high |
147105 | EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2021-1512) | Nessus | Huawei Local Security Checks | high |
147031 | EulerOS Virtualization for ARM 64 3.0.6.0 : python2 (EulerOS-SA-2021-1543) | Nessus | Huawei Local Security Checks | high |
146127 | EulerOS 2.0 SP5 : python (EulerOS-SA-2021-1226) | Nessus | Huawei Local Security Checks | high |
145389 | openSUSE Security Update : python3 (openSUSE-2020-2333) | Nessus | SuSE Local Security Checks | high |
145326 | openSUSE Security Update : python3 (openSUSE-2020-2332) | Nessus | SuSE Local Security Checks | high |
145303 | GLSA-202101-18 : Python: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
145144 | EulerOS 2.0 SP3 : python (EulerOS-SA-2021-1114) | Nessus | Huawei Local Security Checks | high |
144586 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1) | Nessus | SuSE Local Security Checks | high |
143876 | SUSE SLES12 Security Update : python (SUSE-SU-2020:3121-1) | Nessus | SuSE Local Security Checks | medium |
143854 | SUSE SLES12 Security Update : python3 (SUSE-SU-2020:3262-1) | Nessus | SuSE Local Security Checks | medium |
143830 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:3115-1) | Nessus | SuSE Local Security Checks | medium |
143646 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1) | Nessus | SuSE Local Security Checks | medium |
143182 | openSUSE Security Update : python (openSUSE-2020-1988) | Nessus | SuSE Local Security Checks | medium |
143104 | Debian DLA-2456-1 : python3.5 security update | Nessus | Debian Local Security Checks | medium |
142975 | Amazon Linux AMI : python27 (ALAS-2020-1454) | Nessus | Amazon Linux Local Security Checks | medium |
142935 | Fedora 32 : mingw-python3 (2020-d42cb01973) | Nessus | Fedora Local Security Checks | medium |
142630 | openSUSE Security Update : python (openSUSE-2020-1859) | Nessus | SuSE Local Security Checks | medium |
142360 | EulerOS 2.0 SP9 : python3 (EulerOS-SA-2020-2419) | Nessus | Huawei Local Security Checks | medium |
142308 | EulerOS 2.0 SP2 : python (EulerOS-SA-2020-2388) | Nessus | Huawei Local Security Checks | medium |
142243 | EulerOS : python3 (EulerOS-SA-2020-2437) | Nessus | Huawei Local Security Checks | medium |
142161 | EulerOS 2.0 SP8 : python2 (EulerOS-SA-2020-2317) | Nessus | Huawei Local Security Checks | medium |
142147 | EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-2318) | Nessus | Huawei Local Security Checks | medium |
142104 | Fedora 31 : python2 (2020-e33acdea18) | Nessus | Fedora Local Security Checks | medium |
141865 | Photon OS 3.0: Python3 PHSA-2020-3.0-0155 | Nessus | PhotonOS Local Security Checks | medium |
141521 | Fedora 32 : python34 (2020-d30881c970) | Nessus | Fedora Local Security Checks | medium |
141515 | Fedora 32 : python27 (2020-887d3fa26f) | Nessus | Fedora Local Security Checks | medium |
141478 | Photon OS 1.0: Python3 PHSA-2020-1.0-0332 | Nessus | PhotonOS Local Security Checks | medium |
141477 | Photon OS 2.0: Python3 PHSA-2020-2.0-0289 | Nessus | PhotonOS Local Security Checks | medium |
141459 | Ubuntu 16.04 LTS / 18.04 LTS : Python vulnerability (USN-4581-1) | Nessus | Ubuntu Local Security Checks | medium |
141277 | Fedora 33 : python2.7 (2020-221823ebdd) | Nessus | Fedora Local Security Checks | medium |