Improper Encoding or Escaping of Output in python3.5

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Remediation

Upgrade python3.5 to version or higher.

References

ADVISORY
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
GENTOO
MISC
MISC
MLIST
SUSE
UBUNTU

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Changed
Confidentiality

Low
Integrity

Low
Availability

None

CVE: CVE-2020-26116
CWE: CWE-116
Snyk ID: SNYK-DEBIAN9-PYTHON35-1013421
Disclosed: 27 Sep, 2020
Published: 27 Sep, 2020

Improper Encoding or Escaping of Output
Affecting python3.5 package, versions <3.5.3-1+deb9u3

Overview

Remediation

References

CVSS Score

Improper Encoding or Escaping of Output Affecting python3.5 package, versions <3.5.3-1+deb9u3

Overview

Remediation

References

Improper Encoding or Escaping of Output
Affecting python3.5 package, versions <3.5.3-1+deb9u3