CVE-2019-11236

Priority
Description
In the urllib3 library through 1.24.1 for Python, CRLF injection is
possible if the attacker controls the request parameter.
Notes
 mdeslaur> this is the equivalent of CVE-2019-9740 and CVE-2019-9947 in
 mdeslaur> python
Assigned-to
mdeslaur
Package
Upstream:released (1.24.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (1.13.1-2ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.22-1ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.22-1ubuntu0.18.10.1)
Ubuntu 19.04 (Disco Dingo):released (1.24.1-1ubuntu0.1)
Ubuntu 19.10 (Eoan):released (1.24.1-1ubuntu1)
Patches:
Upstream:https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
Upstream:https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
More Information

Updated: 2019-05-21 19:14:21 UTC (commit ae2e4118ff1e97861cc61346c98b787e9b53cdb8)