CVE-2019-11236

Published: 15 April 2019

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Notes

Author: mdeslaur
Note: this is the equivalent of CVE-2019-9740 and CVE-2019-9947 in python

Priority

Medium

CVSS 3 base score: 6.1

Status

Package: python-urllib3 (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (1.22-1ubuntu0.18.04.1)
cosmic     Released (1.22-1ubuntu0.18.10.1)
disco      Released (1.24.1-1ubuntu0.1)
precise    Does not exist
trusty     Released (1.7.1-1ubuntu4.1+esm1)
upstream   Released (1.24.3)
xenial     Released (1.13.1-2ubuntu0.16.04.3)

Patches:
upstream: https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
upstream: https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162