CVE-2019-11236
Summary
| CVE | CVE-2019-11236 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-15 15:29:00 UTC |
| Updated | 2023-11-07 03:02:00 UTC |
| Description | In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. |
Risk And Classification
Problem Types: CWE-93
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 29 Update: python-urllib3-1.24.3-1.fc29 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] [DLA 2686-1] python-urllib3 security update | MLIST | lists.debian.org | |
| [SECURITY] [DLA 3610-1] python-urllib3 security update | MLIST | lists.debian.org | |
| USN-3990-1: urllib3 vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| USN-3990-2: urllib3 vulnerability | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| [SECURITY] Fedora 30 Update: python-pip-19.0.3-6.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [security-announce] openSUSE-SU-2019:2133-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 31 Update: python-pip-19.1.1-7.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [SECURITY] Fedora 31 Update: python-pip-19.1.1-7.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CRLF injection vulnerability · Issue #1553 · urllib3/urllib3 · GitHub | MISC | github.com | Exploit, Issue Tracking, Third Party Advisory |
| [SECURITY] Fedora 30 Update: python-pip-19.0.3-6.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 30 Update: python-urllib3-1.24.3-1.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 29 Update: python-urllib3-1.24.3-1.fc29 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 30 Update: python-urllib3-1.24.3-1.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [security-announce] openSUSE-SU-2019:2131-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [SECURITY] [DLA 1828-1] python-urllib3 security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159655 Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2020-1605)
- 159668 Oracle Enterprise Linux Security Update for python27:2.7 security and bug fix update (ELSA-2019-3335)
- 178673 Debian Security Update for python-urllib3 (DLA 2686-1)
- 377484 Alibaba Cloud Linux Security Update for python-urllib3 (ALINUX2-SA-2019:0091)
- 377494 Alibaba Cloud Linux Security Update for python-virtualenv (ALINUX2-SA-2020:0029)
- 377534 Alibaba Cloud Linux Security Update for python-pip (ALINUX2-SA-2020:0030)
- 6000046 Debian Security Update for python-urllib3 (DLA 3610-1)
- 900194 CBL-Mariner Linux Security Update for python-urllib3 1.24.2
- 903511 Common Base Linux Mariner (CBL-Mariner) Security Update for python-urllib3 (3695)
- 940120 AlmaLinux Security Update for python27:2.7 (ALSA-2020:1605)
- 940202 AlmaLinux Security Update for python27:2.7 (ALSA-2019:3335)