CVE-2019-11236

Medium

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

mitre·CWE-93·Published 2019-04-15

CVSS

6.1

EPSS

0.02

KEV

Exploits

cve.orgen

124 chars

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

NVDen

124 chars

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

OSV.deven

124 chars

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

GHSAen

124 chars

In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter.

NVDes

143 chars

En la librería urllib3, hasta la versión 1.24.1 para Python, se puede realizar una inyección CRLF si el atacante controla el parámetro request.

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N