CVE-2019-11236 (retired)

Priority
Description
In the urllib3 library through 1.24.1 for Python, CRLF injection is
possible if the attacker controls the request parameter.
Assigned-to
mdeslaur
Notes
mdeslaurthis is the equivalent of CVE-2019-9740 and CVE-2019-9947 in
python
Package
Upstream:released (1.24.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (1.7.1-1ubuntu4.1+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.13.1-2ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.22-1ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo):released (1.24.1-1ubuntu0.1)
Ubuntu 19.10 (Eoan):released (1.24.1-1ubuntu1)
Patches:
Upstream:https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
Upstream:https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
More Information

Updated: 2019-10-09 08:05:05 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)