Description
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
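An added example, not taken from the advisory or from CPython's own code, of the defensive check this issue calls for: validate the method against the RFC 7230 token grammar before it reaches HTTPConnection.request, and probe whether the running interpreter already refuses control characters. The names `validate_method`, `safe_request`, `stdlib_rejects_control_chars`, `classify` and the sample values are assumptions made for illustration.

```python
import http.client
import re

# RFC 7230 "token": the only characters a request method may contain.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def validate_method(method, allowed=None):
    """Return method unchanged, or raise ValueError if it is unsafe."""
    # fullmatch() is deliberate: match() with a "$" anchor would still
    # accept a value that ends in a newline.
    if not isinstance(method, str) or not _TOKEN.fullmatch(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    if allowed is not None and method.upper() not in allowed:
        raise ValueError(f"HTTP method not permitted: {method!r}")
    return method


def safe_request(conn, method, url, body=None, headers=None):
    """Hypothetical wrapper: validate first, then delegate to http.client."""
    conn.request(validate_method(method), url, body=body, headers=headers or {})


def stdlib_rejects_control_chars():
    """True if this interpreter's http.client refuses CR/LF in the method."""
    # putrequest() only buffers the request line; no socket is opened.
    conn = http.client.HTTPConnection("localhost")
    try:
        conn.putrequest("GET\r\n", "/")  # constructed probe value
    except ValueError:
        return True
    return False


# Constructed sample inputs, as they might arrive from untrusted configuration.
SAMPLES = ["GET", "PROPFIND", "GET\r\nX: y", "POST\n", "GET /", ""]


def classify(samples):
    """Map each sample to 'ok' or 'rejected' using validate_method()."""
    out = {}
    for m in samples:
        try:
            validate_method(m)
            out[m] = "ok"
        except ValueError:
            out[m] = "rejected"
    return out


if __name__ == "__main__":
    print("stdlib rejects control characters:", stdlib_rejects_control_chars())
    for m, verdict in classify(SAMPLES).items():
        print(f"{m!r:20} {verdict}")
```

The token check is stricter than rejecting control characters alone: it also refuses spaces and empty values, so it remains useful on interpreters that already include the fix.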
Remediation
References