Fluid Attacks Database

Description

Improper Neutralization of CRLF Sequences in urllib3 library for Python In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	urllib3	>=0 <1.24.3	1.24.3
debian 13	python-urllib3	>=0 <1.25.6-4	1.25.6-4
debian 14	python-urllib3	>=0 <1.25.6-4	1.25.6-4
debian 11	python-urllib3	>=0 <1.25.6-4	1.25.6-4
debian 12	python-urllib3	>=0 <1.25.6-4	1.25.6-4
rpm rhel8	python-urllib3	<0:1.24.2-2.el8	0:1.24.2-2.el8
rpm rhel7	python-pip	<0:9.0.3-7.el7_8	0:9.0.3-7.el7_8
rpm rhel8	python-pip	<0:9.0.3-16.el8	0:9.0.3-16.el8
rpm rhel7	python-virtualenv	<0:15.1.0-4.el7_8	0:15.1.0-4.el7_8
rpm rhel6	python-urllib3	-	-

1-10 of 11

Aliases

1. CVE-2019-112362. NVD-2019-112363. OSV-2019-112364. OSV-DEBIAN-2019-112365. GHSA-r64q-w8jr-g9qp6. GCVE-2019-112367. lists.debian.org8. lists.debian.org9. lists.debian.org10. access.redhat.com11. access.redhat.com12. access.redhat.com13. SECURITY-TRACKER-CVE-2019-11236

References

1. https://github.com/urllib3/urllib3/issues/15532. https://usn.ubuntu.com/3990-23. https://usn.ubuntu.com/3990-14. https://lists.fedoraproject.org/archives/list/[email protected]/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE25. https://lists.fedoraproject.org/archives/list/[email protected]/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL6. https://lists.fedoraproject.org/archives/list/[email protected]/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR7. https://lists.fedoraproject.org/archives/list/[email protected]/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG728. https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml9. http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html10. http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.