vulnerability
Oracle Linux: CVE-2020-26116: ELSA-2021-1633: python3 security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | Feb 10, 2020 | May 26, 2021 | Dec 3, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Feb 10, 2020
Added
May 26, 2021
Modified
Dec 3, 2025
Description
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
A flaw was found in Python. The built-in modules httplib and http.client (included in Python 2 and Python 3, respectively) do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity.
A flaw was found in Python. The built-in modules httplib and http.client (included in Python 2 and Python 3, respectively) do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity.
Solutions
oracle-linux-upgrade-babeloracle-linux-upgrade-platform-pythonoracle-linux-upgrade-platform-python-debugoracle-linux-upgrade-platform-python-develoracle-linux-upgrade-pythonoracle-linux-upgrade-python2oracle-linux-upgrade-python2-attrsoracle-linux-upgrade-python2-babeloracle-linux-upgrade-python2-backportsoracle-linux-upgrade-python2-backports-ssl-match-hostnameoracle-linux-upgrade-python2-bsonoracle-linux-upgrade-python2-chardetoracle-linux-upgrade-python2-coverageoracle-linux-upgrade-python2-cythonoracle-linux-upgrade-python2-debugoracle-linux-upgrade-python2-develoracle-linux-upgrade-python2-dnsoracle-linux-upgrade-python2-docsoracle-linux-upgrade-python2-docs-infooracle-linux-upgrade-python2-docutilsoracle-linux-upgrade-python2-funcsigsoracle-linux-upgrade-python2-idnaoracle-linux-upgrade-python2-ipaddressoracle-linux-upgrade-python2-jinja2oracle-linux-upgrade-python2-libsoracle-linux-upgrade-python2-lxmloracle-linux-upgrade-python2-markupsafeoracle-linux-upgrade-python2-mockoracle-linux-upgrade-python2-noseoracle-linux-upgrade-python2-numpyoracle-linux-upgrade-python2-numpy-docoracle-linux-upgrade-python2-numpy-f2pyoracle-linux-upgrade-python2-piporacle-linux-upgrade-python2-pip-wheeloracle-linux-upgrade-python2-pluggyoracle-linux-upgrade-python2-psycopg2oracle-linux-upgrade-python2-psycopg2-debugoracle-linux-upgrade-python2-psycopg2-testsoracle-linux-upgrade-python2-pyoracle-linux-upgrade-python2-pygmentsoracle-linux-upgrade-python2-pymongooracle-linux-upgrade-python2-pymongo-gridfsoracle-linux-upgrade-python2-pymysqloracle-linux-upgrade-python2-pysocksoracle-linux-upgrade-python2-pytestoracle-linux-upgrade-python2-pytest-mockoracle-linux-upgrade-python2-pytzoracle-linux-upgrade-python2-pyyamloracle-linux-upgrade-python2-requestsoracle-linux-upgrade-python2-rpm-macrosoracle-linux-upgrade-python2-scipyoracle-linux-upgrade-python2-setuptoolsoracle-linux-upgrade-python2-setuptools-scmoracle-linux-upgrade-python2-setuptools-wheeloracle-linux-upgrade-python2-sixoracle-linux-upgrade-python2-sqlalchemyoracle-linux-upgrade-python2-testoracle-linux-upgrade-python2-tkinteroracle-linux-upgrade-python2-toolsoracle-linux-upgrade-python2-urllib3oracle-linux-upgrade-python2-virtualenvoracle-linux-upgrade-python2-wheeloracle-linux-upgrade-python2-wheel-wheeloracle-linux-upgrade-python38oracle-linux-upgrade-python38-asn1cryptooracle-linux-upgrade-python38-babeloracle-linux-upgrade-python38-cffioracle-linux-upgrade-python38-chardetoracle-linux-upgrade-python38-cryptographyoracle-linux-upgrade-python38-cythonoracle-linux-upgrade-python38-debugoracle-linux-upgrade-python38-develoracle-linux-upgrade-python38-idleoracle-linux-upgrade-python38-idnaoracle-linux-upgrade-python38-jinja2oracle-linux-upgrade-python38-libsoracle-linux-upgrade-python38-lxmloracle-linux-upgrade-python38-markupsafeoracle-linux-upgrade-python38-mod-wsgioracle-linux-upgrade-python38-numpyoracle-linux-upgrade-python38-numpy-docoracle-linux-upgrade-python38-numpy-f2pyoracle-linux-upgrade-python38-piporacle-linux-upgrade-python38-pip-wheeloracle-linux-upgrade-python38-plyoracle-linux-upgrade-python38-psutiloracle-linux-upgrade-python38-psycopg2oracle-linux-upgrade-python38-psycopg2-docoracle-linux-upgrade-python38-psycopg2-testsoracle-linux-upgrade-python38-pycparseroracle-linux-upgrade-python38-pymysqloracle-linux-upgrade-python38-pysocksoracle-linux-upgrade-python38-pytzoracle-linux-upgrade-python38-pyyamloracle-linux-upgrade-python38-requestsoracle-linux-upgrade-python38-rpm-macrosoracle-linux-upgrade-python38-scipyoracle-linux-upgrade-python38-setuptoolsoracle-linux-upgrade-python38-setuptools-wheeloracle-linux-upgrade-python38-sixoracle-linux-upgrade-python38-testoracle-linux-upgrade-python38-tkinteroracle-linux-upgrade-python38-urllib3oracle-linux-upgrade-python38-wheeloracle-linux-upgrade-python38-wheel-wheeloracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinteroracle-linux-upgrade-python-debugoracle-linux-upgrade-python-develoracle-linux-upgrade-python-libsoracle-linux-upgrade-python-nose-docsoracle-linux-upgrade-python-psycopg2-docoracle-linux-upgrade-python-sqlalchemy-docoracle-linux-upgrade-python-testoracle-linux-upgrade-python-toolsoracle-linux-upgrade-tkinter
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.