Description
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Remediation
References
Related Vulnerabilities
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5324)
Microsoft SQL Server Other Vulnerability (CVE-2002-1137)
WordPress Plugin Wufoo Shortcode Cross-Site Scripting (1.47)
Python Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20907)
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)