Wind River Support Network

HomeDefectsLIN10-7813
Fixed

LIN10-7813 : Security Advisory - python-urllib3 - CVE-2020-26137

Created: Oct 11, 2020    Updated: Apr 1, 2021
Resolved Date: Apr 1, 2021
Found In Version: 10.17.41.1
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

CREATE(Triage):(User=admin) [CVE-2020-26137|https://nvd.nist.gov/vuln/detail/CVE-2020-26137]

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube