VDB
PYSEC-2019-132
PYSEC-2019-132
PUBLISHED
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | urllib3 | 1.8.3, 0, 0.3 |
Timeline
- Apr 15, 2019 CVE Published
- Nov 8, 2023 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/ url
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html url
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html url
- https://usn.ubuntu.com/3990-1/ advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/ url
- https://github.com/advisories/GHSA-r64q-w8jr-g9qp advisory
- https://github.com/urllib3/urllib3/issues/1553 discussion
- https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html advisory
- https://usn.ubuntu.com/3990-2/ advisory
- https://access.redhat.com/errata/RHSA-2019:2272 advisory
- https://access.redhat.com/errata/RHSA-2019:3335 advisory
- https://access.redhat.com/errata/RHSA-2019:3590 advisory