CVE-2019-11236

Affecting python-urllib3 package, versions debian:10: * || debian:8: * || debian:9: * || debian:unstable: * || ubuntu:14.04: * || ubuntu:16.04: <1.13.1-2ubuntu0.16.04.3 || ubuntu:18.04: <1.22-1ubuntu0.18.04.1 || ubuntu:18.10: <1.22-1ubuntu0.18.10.1

low severity
Do your applications use this vulnerable package? Test your applications

Overview

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

References

CVE
CVE-2019-11236
Snyk ID
SNYK-LINUX-PYTHONURLLIB3-443430
Published
15 Apr, 2019