WEB APPLICATION VULNERABILITIES Standard & Premium

Python Improper Encoding or Escaping of Output Vulnerability (CVE-2020-26116)

Description

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Remediation

References

Related Vulnerabilities

MySQL CVE-2012-1690 Vulnerability (CVE-2012-1690)

WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.47)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.14)

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

Squid NULL Pointer Dereference Vulnerability (CVE-2020-14058)

Severity

High

Classification

CVE-2020-26116 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities