VDB
DEBIAN-CVE-2020-26116
DEBIAN-CVE-2020-26116
PUBLISHED
CVSS 7.199999809265137 HIGH
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | pypy3 | 0, 0, 0 |
| Debian:14 | pypy3 | 0, 0, 0 |
| Debian:12 | pypy3 | 0, 0, 0 |
| Debian:13 | pypy3 | 0, 0, 0 |
| Debian:11 | python3.9 | 0, 0, 0 |
| Debian:11 | python2.7 | 2.7.18-13, 2.7.18-13.1~exp1, 2.7.18-13.2 |
Exploit Intelligence
- zephyr-crosstool-arm-grype.html (github-poc)
Timeline
- Sep 27, 2020 CVE Published
- Apr 28, 2026 CVE Updated