Vulnetix
Try Vulnetix Request Demo
BIT-python-min-2020-26116 PUBLISHED CVSS 7.199999809265137 HIGH

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Risk Scores

CVSS v3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Bitnamipython-min3.0.0, 3.6.0, 3.7.0

Timeline

References

Open in Interactive Console →