Search for vulnerabilities
Vulnerability details: VCID-s4tj-c35n-aaad
Vulnerability ID VCID-s4tj-c35n-aaad
Aliases CVE-2020-26116
Summary http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26116.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4273
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4285
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4299
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1633
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1761
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1879
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3366
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5235
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26116.json
epss 0.00199 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00199 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00199 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00199 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00312 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00471 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00471 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00471 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00513 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2020-26116
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1883014
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual Medium https://python-security.readthedocs.io/vuln/http-header-injection-method.html
generic_textual Medium https://ubuntu.com/security/notices/USN-4581-1
generic_textual Medium https://ubuntu.com/security/notices/USN-4754-3
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26116.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26116.json
https://api.first.org/data/v1/epss?cve=CVE-2020-26116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://python-security.readthedocs.io/vuln/http-header-injection-method.html
https://ubuntu.com/security/notices/USN-4581-1
https://ubuntu.com/security/notices/USN-4754-3
1883014 https://bugzilla.redhat.com/show_bug.cgi?id=1883014
RHSA-2020:4273 https://access.redhat.com/errata/RHSA-2020:4273
RHSA-2020:4285 https://access.redhat.com/errata/RHSA-2020:4285
RHSA-2020:4299 https://access.redhat.com/errata/RHSA-2020:4299
RHSA-2021:1633 https://access.redhat.com/errata/RHSA-2021:1633
RHSA-2021:1761 https://access.redhat.com/errata/RHSA-2021:1761
RHSA-2021:1879 https://access.redhat.com/errata/RHSA-2021:1879
RHSA-2021:3366 https://access.redhat.com/errata/RHSA-2021:3366
RHSA-2022:5235 https://access.redhat.com/errata/RHSA-2022:5235
USN-4581-1 https://usn.ubuntu.com/4581-1/
USN-4754-3 https://usn.ubuntu.com/4754-3/
USN-6891-1 https://usn.ubuntu.com/6891-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26116.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.57598
EPSS Score 0.00199
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.