Description
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.
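An application-side guard for the issue described above, added here as an example; it is not code from this page or from the Python project. The names `check_url`, `neutralise`, `safe_urlopen` and `UnsafeURLError`, the http/https allow-list and the sample URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit
from urllib.request import urlopen

# Characters that must never reach the request line raw: ASCII controls
# (including \r and \n), space, and DEL.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")
ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web fetches are needed


class UnsafeURLError(ValueError):
    """Raised when a URL must not be passed to urlopen()."""


def check_url(url):
    """Return url unchanged if it is safe to request, else raise."""
    # Scan the raw string first: URL parsers may strip or tolerate \r\n.
    hit = _UNSAFE.search(url)
    if hit:
        raise UnsafeURLError(
            "raw character %r at offset %d" % (hit.group(), hit.start()))
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        raise UnsafeURLError("scheme or host not allowed: %r" % url)
    return url


def neutralise(url):
    """Percent-encode the unsafe characters instead of rejecting the URL."""
    return _UNSAFE.sub(lambda m: "%%%02X" % ord(m.group()), url)


def safe_urlopen(url, timeout=10):
    """urlopen() wrapper that refuses URLs carrying raw CR/LF or controls."""
    return urlopen(check_url(url), timeout=timeout)


# Constructed sample: CR/LF in the query string followed by a header line.
SAMPLE = "http://example.com/?q=1\r\nX-Injected: 1"

if __name__ == "__main__":
    print(neutralise(SAMPLE))
    try:
        check_url(SAMPLE)
    except UnsafeURLError as exc:
        print("rejected:", exc)
```

Rejecting is the stricter choice for URLs built from untrusted input; `neutralise` suits cases where the value must still be sent and the server is expected to decode it.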
Remediation
References