EIQ-2019-0021

| Field | Value |
|---|---|
| ID | EIQ-2019-0021 |
| CVE | |
| Description | CRLF injection and HTTP header manipulation in urllib3 |
| Date | 22 Apr 2019 |
| Severity | 2 - MEDIUM |
| CVSSv3 score | 6.1 |
| Status | ✅ 2.4.0 |
| Assessment | Improper neutralization of Carriage Return Line Feed (CRLF) sequences in urllib3 allows an attacker to inject CRLF sequences into requests made by a targeted system. An attacker who controls the urllib request address parameter could exploit this vulnerability by including CRLF sequences in that parameter. A successful exploit could allow the attacker to manipulate HTTP headers and enable additional attack methods. To exploit this vulnerability, an attacker must send malicious requests to the targeted system. |
| Mitigation | Upgrade urllib3 to version 1.24.3, 1.25.2, or later. Restrict network access from untrusted sources to make the vulnerability more difficult to exploit. |
| Affected versions | 2.3.4 and earlier |
| Notes | For more information, see: |
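As an added illustration of the defensive side of this advisory (example code, not from the advisory, EclecticIQ or urllib3), the following Python check rejects a request URL that carries raw CR, LF or other control characters before the URL reaches the HTTP client; the `example.test` hosts and sample inputs are constructed.

```python
import re
from urllib.parse import urlsplit

# ASCII control characters, CR (0x0d) and LF (0x0a) among them. Sent raw,
# they can end the request line or a header field once the URL is written
# to the socket, which is the header manipulation the advisory describes.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

class UnsafeUrl(ValueError):
    """Raised when a URL must not be handed to the HTTP client."""

def check_request_url(url: str, allowed_schemes=("http", "https")) -> str:
    """Return url unchanged if it is safe to request, else raise UnsafeUrl."""
    # Inspect the raw string first: since CPython 3.9.5 urlsplit() silently
    # strips "\t", "\r" and "\n", so checking the parsed parts instead would
    # accept exactly the input this function exists to reject.
    m = _CTRL.search(url)
    if m:
        raise UnsafeUrl(f"control byte 0x{ord(m.group()):02x} at offset {m.start()}")
    parts = urlsplit(url)
    if parts.scheme not in allowed_schemes:
        raise UnsafeUrl(f"unexpected scheme {parts.scheme!r}")
    if not parts.netloc:
        raise UnsafeUrl("missing host")
    return url

def is_safe_request_url(url: str) -> bool:
    """Boolean form of check_request_url, for filtering lists of inputs."""
    try:
        check_request_url(url)
    except UnsafeUrl:
        return False
    return True

# Constructed sample inputs (not from the advisory), mapped to the verdict
# expected from is_safe_request_url(). Hosts under example.test are fictional.
SAMPLE_URLS = {
    "https://api.example.test/v1/items?id=42": True,
    # percent-encoded CR/LF stays encoded on the wire, so it is accepted here
    "https://api.example.test/v1/items?id=42%0d%0aInjected:%201": True,
    "https://api.example.test/v1/items?id=42\r\nInjected: 1": False,
    "https://api.example.test\r\nHost: other.example.test/": False,
    "ftp://files.example.test/pub": False,
}

def classify_samples() -> dict:
    """Run the check over SAMPLE_URLS; the result should equal SAMPLE_URLS."""
    return {url: is_safe_request_url(url) for url in SAMPLE_URLS}
```

The check deliberately accepts percent-encoded `%0d%0a`, because it remains encoded on the wire; if the application decodes the value before building a request, run the check again on the decoded form.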