Security Advisory

CVE-2020-26116

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-09-27 00:00:00
Last updated 2024-08-04 15:49:07
Assigner mitre
State PUBLISHED

Description

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.