CVE-2020-26116

Published: 2020-09-27T04:15Z

Last Modified: 2024-11-21T05:19Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt