Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python-urllib3@1.24.2-5?arch=el8

Type rpm

Namespace redhat

Name python-urllib3

Version 1.24.2-5

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-gxkt-bvtg-gbaj

vulnerability_id

VCID-gxkt-bvtg-gbaj

summary

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26137

reference_id

reference_type

scores

value	0.00277
scoring_system	epss
scoring_elements	0.51202
published_at	2026-04-18T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51195
published_at	2026-04-16T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51061
published_at	2026-04-01T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51156
published_at	2026-04-13T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51171
published_at	2026-04-12T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51193
published_at	2026-04-11T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51149
published_at	2026-04-09T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51152
published_at	2026-04-08T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51097
published_at	2026-04-07T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51139
published_at	2026-04-04T12:55:00Z

value	0.00277
scoring_system	epss
scoring_elements	0.51115
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26137

reference_url

https://bugs.python.org/issue39603

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.python.org/issue39603

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-wqvq-5m8c-6g24

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wqvq-5m8c-6g24

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

reference_url

https://github.com/urllib3/urllib3/pull/1800

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/pull/1800

reference_url

https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26137

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26137

reference_url

https://usn.ubuntu.com/4570-1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4570-1

reference_url	https://usn.ubuntu.com/4570-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4570-1/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1883632
reference_id	1883632
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1883632

reference_url	https://access.redhat.com/errata/RHSA-2020:4299
reference_id	RHSA-2020:4299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4299

reference_url	https://access.redhat.com/errata/RHSA-2021:0034
reference_id	RHSA-2021:0034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0034

reference_url	https://access.redhat.com/errata/RHSA-2021:0079
reference_id	RHSA-2021:0079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0079

reference_url	https://access.redhat.com/errata/RHSA-2021:1631
reference_id	RHSA-2021:1631
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1631

reference_url	https://access.redhat.com/errata/RHSA-2021:1761
reference_id	RHSA-2021:1761
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1761

reference_url	https://access.redhat.com/errata/RHSA-2022:5235
reference_id	RHSA-2022:5235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5235

fixed_packages

aliases

CVE-2020-26137, GHSA-wqvq-5m8c-6g24, PYSEC-2020-148

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-gxkt-bvtg-gbaj

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-urllib3@1.24.2-5%3Farch=el8

Package Instance