configcat/python-sdk:requirements.txt

Vulnerabilities: 1 via 2 paths
Dependencies: 7
Source: GitHub

high severity

CRLF injection

  • Vulnerable module: urllib3
  • Introduced through: requests@2.21.0 and cachecontrol@0.12.5

Detailed paths

  • Introduced through: configcat/python-sdk@configcat/python-sdk › requests@2.21.0 › urllib3@1.24.2
  • Introduced through: configcat/python-sdk@configcat/python-sdk › cachecontrol@0.12.5 › requests@2.21.0 › urllib3@1.24.2

Overview

urllib3 is an HTTP library with thread-safe connection pooling, file post, and more.

Affected versions of this package are vulnerable to CRLF injection. An attacker who controls the request address parameter could manipulate an HTTP header and attack an internal service.

Remediation

Upgrade urllib3 to version 12.24.2 or higher.
