PT-2020-19717 · Sebastian Ramirez · Uvicorn
Everardo Padilla Saca · Published 2020-07-27 · Updated 2021-07-21 · CVE-2020-7694
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
uvicorn (affected versions not specified)
Description
The request logger in uvicorn is susceptible to ANSI escape sequence injection. When the package logs HTTP request details to the console or a log file, it percent-decodes the request URL before logging it, so a crafted path containing percent-encoded escape sequences (for example an encoded ESC byte) is written out as the raw control character. Such characters have special meaning in terminal emulators, allowing attackers to pollute access logs and potentially interact with the terminal emulator displaying the logs. Attackers can exploit this simply by requesting URLs with crafted paths.
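To make the failure mode concrete, the following added example (written for this page; it is not uvicorn's code, and the request path and access-log lines in it are constructed) shows what a logger that percent-decodes a path writes, two defensive transformations that keep control bytes out of the log line, and a detection routine that flags access-log lines already carrying raw control characters. The function names, the sample path and the sample log lines are assumptions for illustration.

```python
import re
import urllib.parse

# Bytes with special meaning to terminal emulators: C0 controls, DEL and C1 controls.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f-\x9f]")

# Constructed request path (not taken from the advisory): %1b is a percent-encoded
# ESC, so a logger that decodes it emits a raw CSI sequence into the log line.
SAMPLE_RAW_PATH = "/items/%1b[2J%1b[H?x=1"


def naive_log_path(raw_path: str) -> str:
    """What a logger that percent-decodes before logging writes to the log line."""
    return urllib.parse.unquote(raw_path)


def contains_control_chars(text: str) -> bool:
    """True if the text would carry control bytes into a terminal or log file."""
    return CONTROL_CHARS.search(text) is not None


def requote_log_path(raw_path: str) -> str:
    """Mitigation at the producer: decode for readability, then percent-encode
    everything that is not a plain path/query character, so control bytes
    never reach the log. Produces "%1B" where the raw path carried "%1b"."""
    decoded = urllib.parse.unquote(raw_path)
    return urllib.parse.quote(decoded, safe="/?=&")


def escape_control_chars(text: str) -> str:
    """Mitigation at the log sink: replace each control byte with a visible
    \\xNN token before writing, regardless of what upstream code did."""
    return CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group(0)), text)


def find_tainted_lines(log_lines):
    """Detection: indices of access-log lines that already contain raw control bytes,
    i.e. evidence that an unsanitised path made it into the log."""
    return [i for i, line in enumerate(log_lines) if contains_control_chars(line)]


# Constructed access-log lines for the detection check; index 1 carries a raw ESC.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - "GET /items/1 HTTP/1.1" 200',
    '203.0.113.5 - "GET /items/\x1b[2J\x1b[H?x=1 HTTP/1.1" 404',
    '203.0.113.7 - "GET /health HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(repr(naive_log_path(SAMPLE_RAW_PATH)))       # raw ESC bytes present
    print(requote_log_path(SAMPLE_RAW_PATH))           # /items/%1B%5B2J%1B%5BH?x=1
    print(escape_control_chars(naive_log_path(SAMPLE_RAW_PATH)))
    print(find_tainted_lines(SAMPLE_LOG_LINES))        # [1]
```

Re-quoting at the producer is the narrower fix, because it preserves a readable, reversible path in the log; escaping at the sink is the belt-and-braces layer that protects every log line regardless of which component formatted it. The detection function is the check to run over existing access logs when assessing whether a deployment has already received such requests.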
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Code Injection
Improper Encoding or Escaping of Output
Related Identifiers
Affected Products
Uvicorn