An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with rn (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python | Python | 2.0 (including) | 2.7.17 (including) |
Python | Python | 3.0 (including) | 3.5.10 (excluding) |
Python | Python | 3.6.0 (including) | 3.6.11 (excluding) |
Python | Python | 3.7.0 (including) | 3.7.8 (excluding) |
Python | Python | 3.8.0 (including) | 3.8.3 (excluding) |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-python36-python-0:3.6.12-1.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-python36-python-pip-0:9.0.1-5.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-python36-python-virtualenv-0:15.1.0-3.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-0:2.7.18-2.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-pip-0:8.1.2-6.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-virtualenv-0:13.1.0-4.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python36-python-0:3.6.12-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python36-python-pip-0:9.0.1-5.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python36-python-virtualenv-0:15.1.0-3.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | python27-python-0:2.7.18-2.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | python27-python-pip-0:8.1.2-6.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | python27-python-virtualenv-0:13.1.0-4.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-python36-python-0:3.6.12-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-python36-python-pip-0:9.0.1-5.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-python36-python-virtualenv-0:15.1.0-3.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | python27-python-0:2.7.18-2.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | python27-python-pip-0:8.1.2-6.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | python27-python-virtualenv-0:13.1.0-4.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python36-python-0:3.6.12-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python36-python-pip-0:9.0.1-5.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python36-python-virtualenv-0:15.1.0-3.el7 | * |
Python2.7 | Ubuntu | bionic | * |
Python2.7 | Ubuntu | disco | * |
Python2.7 | Ubuntu | eoan | * |
Python2.7 | Ubuntu | trusty | * |
Python2.7 | Ubuntu | trusty/esm | * |
Python2.7 | Ubuntu | xenial | * |
Python3.4 | Ubuntu | trusty | * |
Python3.4 | Ubuntu | trusty/esm | * |
Python3.5 | Ubuntu | trusty | * |
Python3.5 | Ubuntu | trusty/esm | * |
Python3.5 | Ubuntu | xenial | * |
Python3.6 | Ubuntu | bionic | * |
Python3.7 | Ubuntu | bionic | * |
Python3.7 | Ubuntu | disco | * |
Python3.7 | Ubuntu | eoan | * |
Python3.7 | Ubuntu | esm-apps/bionic | * |
Python3.8 | Ubuntu | bionic | * |
Python3.8 | Ubuntu | disco | * |
Python3.8 | Ubuntu | eoan | * |
Python3.8 | Ubuntu | esm-apps/bionic | * |
Python3.8 | Ubuntu | focal | * |
Python3.8 | Ubuntu | groovy | * |