Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26137 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Zfs Storage Appliance Kit and 1 more | 2022-07-25 | 6.4 MEDIUM | 6.5 MEDIUM |
| urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | |||||
| CVE-2021-28363 | 3 Fedoraproject, Oracle, Python | 3 Fedora, Peoplesoft Enterprise Peopletools, Urllib3 | 2021-12-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | |||||
| CVE-2019-11236 | 1 Python | 1 Urllib3 | 2021-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | |||||