DEBIAN-CVE-2020-26116

DEBIAN-CVE-2020-26116 PUBLISHED CVSS 7.2 HIGH

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Risk Scores

CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products

Vendor      Product     Versions
Debian:11   pypy3       0, 0, 0
Debian:14   pypy3       0, 0, 0
Debian:12   pypy3       0, 0, 0
Debian:13   pypy3       0, 0, 0
Debian:11   python3.9   0, 0, 0
Debian:11   python2.7   2.7.18-13, 2.7.18-13.1~exp1, 2.7.18-13.2

Exploit Intelligence

Timeline

  • Sep 27, 2020 CVE Published
  • Apr 28, 2026 CVE Updated