An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.
Product: |
runtime/python-37 |
runtime/python-35 |
runtime/python-34 |
runtime/python-27 |
runtime/python-27/tests |
library/python/wrapt |
library/python/wrapt-37 |
library/python/wrapt-35 |
library/python/wrapt-34 |
library/python/wrapt-27 |
library/python/virtualenv |
library/python/virtualenv-37 |
library/python/virtualenv-35 |
library/python/virtualenv-34 |
library/python/virtualenv-27 |
library/python/urllib3 |
library/python/urllib3-37 |
library/python/urllib3-35 |
library/python/urllib3-34 |
library/python/urllib3-27 |
library/python/tkinter-37 |
library/python/tkinter-35 |
library/python/tkinter-34 |
library/python/tkinter-27 |
library/python/tempora |
library/python/tempora-37 |
library/python/tempora-35 |
library/python/tempora-34 |
library/python/tempora-27 |
library/python/sqlparse |
library/python/sqlparse-37 |
library/python/sqlparse-35 |
library/python/sqlparse-34 |
library/python/sqlparse-27 |
library/python/six |
library/python/six-37 |
library/python/six-35 |
library/python/six-34 |
library/python/six-27 |
library/python/simplejson |
library/python/simplejson-37 |
library/python/simplejson-35 |
library/python/simplejson-34 |
library/python/simplejson-27 |
library/python/setuptools_scm |
library/python/setuptools_scm-37 |
library/python/setuptools_scm-35 |
library/python/setuptools_scm-34 |
library/python/setuptools_scm-27 |
library/python/setuptools |
library/python/setuptools-37 |
library/python/setuptools-35 |
library/python/setuptools-34 |
library/python/setuptools-27 |
library/python/scandir |
library/python/scandir-34 |
library/python/scandir-27 |
library/python/requestsexceptions |
library/python/requestsexceptions-35 |
library/python/requestsexceptions-34 |
library/python/requestsexceptions-27 |
library/python/requests |
library/python/requests-37 |
library/python/requests-35 |
library/python/requests-34 |
library/python/requests-27 |
library/python/pyyaml |
library/python/pyyaml-37 |
library/python/pyyaml-35 |
library/python/pyyaml-34 |
library/python/pyyaml-27 |
library/python/pytz |
library/python/pytz-37 |
library/python/pytz-35 |
library/python/pytz-34 |
library/python/pytz-27 |
library/python/python-zope-interface |
library/python/python-zope-interface-37 |
library/python/python-zope-interface-35 |
library/python/python-zope-interface-34 |
library/python/python-zope-interface-27 |
library/python/python-memcached |
library/python/python-memcached-37 |
library/python/python-memcached-35 |
library/python/python-memcached-34 |
library/python/python-memcached-27 |
library/python/pytest |
library/python/pytest-37 |
library/python/pytest-35 |
library/python/pytest-34 |
library/python/pytest-27 |
library/python/pyopenssl |
library/python/pyopenssl-37 |
library/python/pyopenssl-35 |
library/python/pyopenssl-34 |
library/python/pyopenssl-27 |
library/python/pygments |
library/python/pygments-37 |
library/python/pygments-35 |
library/python/pygments-34 |
library/python/pygments-27 |
library/python/pycurl |
library/python/pycurl-37 |
library/python/pycurl-35 |
library/python/pycurl-34 |
library/python/pycurl-27 |
library/python/pycparser |
library/python/pycparser-37 |
library/python/pycparser-35 |
library/python/pycparser-34 |
library/python/pycparser-27 |
library/python/pyasn1 |
library/python/pyasn1-37 |
library/python/pyasn1-35 |
library/python/pyasn1-34 |
library/python/pyasn1-27 |
library/python/py |
library/python/py-37 |
library/python/py-35 |
library/python/py-34 |
library/python/py-27 |
library/python/psutil |
library/python/psutil-37 |
library/python/psutil-35 |
library/python/psutil-34 |
library/python/psutil-27 |
library/python/prettytable |
library/python/prettytable-37 |
library/python/prettytable-35 |
library/python/prettytable-34 |
library/python/prettytable-27 |
library/python/portend |
library/python/portend-37 |
library/python/portend-35 |
library/python/portend-34 |
library/python/portend-27 |
library/python/ply |
library/python/ply-37 |
library/python/ply-35 |
library/python/ply-34 |
library/python/ply-27 |
library/python/pluggy |
library/python/pluggy-37 |
library/python/pluggy-35 |
library/python/pluggy-34 |
library/python/pluggy-27 |
library/python/pip |
library/python/pip-37 |
library/python/pip-35 |
library/python/pip-34 |
library/python/pip-27 |
library/python/pillow |
library/python/pillow-37 |
library/python/pillow-35 |
library/python/pillow-34 |
library/python/pillow-27 |
library/python/pep8 |
library/python/pep8-37 |
library/python/pep8-35 |
library/python/pep8-34 |
library/python/pep8-27 |
library/python/pathlib2 |
library/python/pathlib2-37 |
library/python/pathlib2-35 |
library/python/pathlib2-34 |
library/python/pathlib2-27 |
library/python/paramiko |
library/python/paramiko-37 |
library/python/paramiko-35 |
library/python/paramiko-34 |
library/python/paramiko-27 |
library/python/more_itertools |
library/python/more_itertools-37 |
library/python/more_itertools-35 |
library/python/more_itertools-34 |
library/python/more_itertools-27 |
library/python/mock |
library/python/mock-37 |
library/python/mock-35 |
library/python/mock-34 |
library/python/mock-27 |
library/python/mccabe |
library/python/mccabe-37 |
library/python/mccabe-35 |
library/python/mccabe-34 |
library/python/mccabe-27 |
library/python/markupsafe |
library/python/markupsafe-37 |
library/python/markupsafe-35 |
library/python/markupsafe-34 |
library/python/markupsafe-27 |
library/python/mako |
library/python/mako-37 |
library/python/mako-35 |
library/python/mako-34 |
library/python/mako-27 |
library/python/lxml |
library/python/lxml-37 |
library/python/lxml-35 |
library/python/lxml-34 |
library/python/lxml-27 |
library/python/lockfile |
library/python/lockfile-35 |
library/python/lockfile-34 |
library/python/lockfile-27 |
library/python/lazy-object-proxy |
library/python/lazy-object-proxy-37 |
library/python/lazy-object-proxy-35 |
library/python/lazy-object-proxy-34 |
library/python/lazy-object-proxy-27 |
library/python/kombu |
library/python/kombu-27 |
library/python/jsonschema |
library/python/jsonschema-37 |
library/python/jsonschema-35 |
library/python/jsonschema-34 |
library/python/jsonschema-27 |
library/python/jsonrpclib |
library/python/jsonrpclib-37 |
library/python/jsonrpclib-35 |
library/python/jsonrpclib-34 |
library/python/jsonrpclib-27 |
library/python/jinja2 |
library/python/jinja2-37 |
library/python/jinja2-35 |
library/python/jinja2-34 |
library/python/jinja2-27 |
library/python/isort |
library/python/isort-37 |
library/python/isort-35 |
library/python/isort-34 |
library/python/isort-27 |
library/python/hypothesis |
library/python/hypothesis-37 |
library/python/hypothesis-35 |
library/python/hypothesis-34 |
library/python/hypothesis-27 |
library/python/funcsigs |
library/python/funcsigs-27 |
library/python/django |
library/python/django-37 |
library/python/django-35 |
library/python/django-34 |
library/python/django-27 |
library/python/cryptography |
library/python/cryptography-37 |
library/python/cryptography-35 |
library/python/cryptography-34 |
library/python/cryptography-27 |
library/python/coverage |
library/python/coverage-37 |
library/python/coverage-35 |
library/python/coverage-34 |
library/python/coverage-27 |
library/python/cffi |
library/python/cffi-37 |
library/python/cffi-35 |
library/python/cffi-34 |
library/python/cffi-27 |
library/python/boto |
library/python/boto-37 |
library/python/boto-35 |
library/python/boto-34 |
library/python/boto-27 |
library/python/backports.functools_lru_cache |
library/python/backports.functools_lru_cache-37 |
library/python/backports.functools_lru_cache-35 |
library/python/backports.functools_lru_cache-34 |
library/python/backports.functools_lru_cache-27 |
library/python/babel |
library/python/babel-37 |
library/python/babel-35 |
library/python/babel-34 |
library/python/babel-27 |
library/python/attrs |
library/python/attrs-37 |
library/python/attrs-35 |
library/python/attrs-34 |
library/python/attrs-27 |
library/python/atomicwrites |
library/python/atomicwrites-37 |
library/python/atomicwrites-35 |
library/python/atomicwrites-34 |
library/python/atomicwrites-27 |
library/python/astroid |
library/python/astroid-37 |
library/python/astroid-35 |
library/python/astroid-34 |
library/python/astroid-27 |
library/python/asn1crypto |
library/python/asn1crypto-37 |
library/python/asn1crypto-35 |
library/python/asn1crypto-34 |
library/python/asn1crypto-27 |
developer/versioning/mercurial/hg-git |
developer/versioning/mercurial/hg-git-27 |
developer/python/pylint |
developer/python/pylint-37 |
developer/python/pylint-35 |
developer/python/pylint-34 |
developer/python/pylint-27 |