Pext/Pext

Vulnerabilities 1 via 2 paths
Dependencies 14
Source GitHub
Commit b4d27f8d


high severity

CRLF injection

  • Vulnerable module: urllib3
  • Introduced through: dulwich@0.19.11 and requests@2.21.0

Detailed paths

  • Introduced through: Pext/Pext@Pext/Pext#b4d27f8d085e8b6e102a3e99f5dcb4740f42bd48 dulwich@0.19.11 urllib3@1.25
  • Introduced through: Pext/Pext@Pext/Pext#b4d27f8d085e8b6e102a3e99f5dcb4740f42bd48 requests@2.21.0 urllib3@1.25

Overview

urllib3 is an HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to CRLF injection. An attacker who controls the requesting address parameter could manipulate an HTTP header and attack an internal service.

Remediation

A fix was pushed into the master branch but not yet published.
