PT-2019-4690 · Python+7 · Urllib3+7

Hanno Böck

·

Published

2019-03-13

·

Updated

2024-11-20

·

CVE-2019-11236

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions urllib3 versions 1.24.1 and earlier
Description The issue allows for CRLF injection if the attacker controls the request parameter. This can potentially impact the confidentiality and integrity of protected information by allowing the input of invalid characters (CRLF).
Recommendations For versions 1.24.1 and earlier, as a temporary workaround, consider restricting the use of the request parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-93

Related Identifiers

ALSA-2019:3335
ALSA-2020:1605
BDU:2020-01062
BDU:2024-09951
CESA-2019_2272
CESA-2019_3335
CESA-2019_3590
CESA-2020_0850
CESA-2020_0851
CESA-2020_1605
CESA-2020_1916
CVE-2019-11236
DLA-1828-1
DLA-2686-1
DLA-3610-1
GHSA-R64Q-W8JR-G9QP
MGASA-2019-0258
MGASA-2019-0259
MGASA-2020-0063
OPENSUSE-SU-2019:2131-1
OPENSUSE-SU-2019:2133-1
OPENSUSE-SU-2019_2131-1
OPENSUSE-SU-2019_2133-1
PYSEC-2019-132
RHSA-2019:2272
RHSA-2019:3335
RHSA-2019:3590
RHSA-2019_2272
RHSA-2019_3335
RHSA-2019_3590
RHSA-2020:0850
RHSA-2020:0851
RHSA-2020:1605
RHSA-2020:1916
RHSA-2020:2068
RHSA-2020:2081
RHSA-2020_0850
RHSA-2020_0851
RHSA-2020_1605
RHSA-2020_1916
RHSA-2020_2068
RHSA-2020_2081
RLSA-2019:3335
RLSA-2020:1605
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2019:2267-1
SUSE-SU-2019:2300-1
SUSE-SU-2019:2331-1
SUSE-SU-2019:2332-1
SUSE-SU-2019:2370-1
SUSE-SU-2019:2391-1
SUSE-SU-2019:2399-1
SUSE-SU-2019_2332-1
USN-3990-1
USN-3990-2

Affected Products

Almalinux
Astra Linux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Urllib3