{"api_version":"1","generated_at":"2026-04-22T20:52:19+00:00","cve":"CVE-2020-26116","urls":{"html":"https://cve.report/CVE-2020-26116","api":"https://cve.report/api/cve/CVE-2020-26116.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-26116","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-26116"},"summary":{"title":"CVE-2020-26116","description":"http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-09-27 04:15:00","updated_at":"2023-11-07 03:20:00"},"problem_types":["CWE-74"],"metrics":[],"references":[{"url":"https://python-security.readthedocs.io/vuln/http-header-injection-method.html","name":"https://python-security.readthedocs.io/vuln/http-header-injection-method.html","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"http.client: HTTP Header Injection in the HTTP method — Python Security 0.0 documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202101-18","name":"GLSA-202101-18","refsource":"GENTOO","tags":[],"title":"Python: Multiple vulnerabilities (GLSA 202101-18) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html","name":"[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2456-1] python3.5 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4581-1/","name":"USN-4581-1","refsource":"UBUNTU","tags":[],"title":"USN-4581-1: Python vulnerability | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/","name":"FEDORA-2020-d42cb01973","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3432-1] python2.7 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20201023-0001/","name":"https://security.netapp.com/advisory/ntap-20201023-0001/","refsource":"CONFIRM","tags":[],"title":"CVE-2020-26116 Python Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/","name":"FEDORA-2020-d30881c970","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: python34-3.4.10-11.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/","name":"FEDORA-2020-887d3fa26f","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","name":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - October 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/","name":"FEDORA-2020-e33acdea18","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: python2-2.7.18-6.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/","name":"FEDORA-2020-221823ebdd","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: python2.7-2.7.18-6.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/","name":"FEDORA-2020-d30881c970","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: python34-3.4.10-11.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/","name":"FEDORA-2020-e33acdea18","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: python2-2.7.18-6.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.python.org/issue39603","name":"https://bugs.python.org/issue39603","refsource":"MISC","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"],"title":"Issue 39603: [security] http.client: HTTP Header Injection in the HTTP method - Python tracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/","name":"FEDORA-2020-887d3fa26f","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/","name":"FEDORA-2020-221823ebdd","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: python2.7-2.7.18-6.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/","name":"FEDORA-2020-d42cb01973","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html","name":"openSUSE-SU-2020:1859","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1859-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-26116","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26116","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_storage_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"zfs_storage_appliance_kit","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26116","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-26116","qid":"159200","title":"Oracle Enterprise Linux Security Update for python3 (ELSA-2021-1633)"},{"cve":"CVE-2020-26116","qid":"159342","title":"Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2021-1761)"},{"cve":"CVE-2020-26116","qid":"159460","title":"Oracle Enterprise Linux Security Update for python38:3.8 (ELSA-2021-1879)"},{"cve":"CVE-2020-26116","qid":"159958","title":"Oracle Enterprise Linux Security Update for python (ELSA-2022-5235)"},{"cve":"CVE-2020-26116","qid":"174590","title":"SUSE Enterprise Linux Security Update for python-urllib3 (SUSE-SU-2021:0299-1)"},{"cve":"CVE-2020-26116","qid":"181802","title":"Debian Security Update for python2.7 (DLA 3432-1)"},{"cve":"CVE-2020-26116","qid":"198293","title":"Ubuntu Security Notification for Python2.7, Python3.7, Python3.8 Vulnerabilities (USN-4754-3)"},{"cve":"CVE-2020-26116","qid":"239292","title":"Red Hat Update for python38:3.8 (RHSA-2021:1879)"},{"cve":"CVE-2020-26116","qid":"239307","title":"Red Hat Update for python27:2.7 (RHSA-2021:1761)"},{"cve":"CVE-2020-26116","qid":"239323","title":"Red Hat Update for python3 (RHSA-2021:1633)"},{"cve":"CVE-2020-26116","qid":"239596","title":"Red Hat Update for python3 (RHSA-2021:3366)"},{"cve":"CVE-2020-26116","qid":"240523","title":"Red Hat Update for python (RHSA-2022:5235)"},{"cve":"CVE-2020-26116","qid":"257179","title":"CentOS Security Update for python (CESA-2022:5235)"},{"cve":"CVE-2020-26116","qid":"296059","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 36.0.1.101.2 Missing (CPUJUL2021)"},{"cve":"CVE-2020-26116","qid":"296070","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 28.82.3 Missing (CPUOCT2020)"},{"cve":"CVE-2020-26116","qid":"352287","title":"Amazon Linux Security Update for python27: AL2012-2020-327"},{"cve":"CVE-2020-26116","qid":"352384","title":"Amazon Linux Security Advisory for python3: ALAS2-2021-1670"},{"cve":"CVE-2020-26116","qid":"352385","title":"Amazon Linux Security Advisory for python: ALAS2-2021-1669"},{"cve":"CVE-2020-26116","qid":"356421","title":"Amazon Linux Security Advisory for python3 : ALAS2-2023-2317"},{"cve":"CVE-2020-26116","qid":"376090","title":"IBM Cognos Analytics Multiple Vulnerabilities (6491661)"},{"cve":"CVE-2020-26116","qid":"377245","title":"Alibaba Cloud Linux Security Update for python (ALINUX2-SA-2022:0032)"},{"cve":"CVE-2020-26116","qid":"377387","title":"Alibaba Cloud Linux Security Update for python3 (ALINUX3-SA-2021:0080)"},{"cve":"CVE-2020-26116","qid":"377557","title":"Alibaba Cloud Linux Security Update for python27:2.7 (ALINUX3-SA-2022:0112)"},{"cve":"CVE-2020-26116","qid":"6000046","title":"Debian Security Update for python-urllib3 (DLA 3610-1)"},{"cve":"CVE-2020-26116","qid":"670783","title":"EulerOS Security Update for python-urllib3 (EulerOS-SA-2021-2541)"},{"cve":"CVE-2020-26116","qid":"670807","title":"EulerOS Security Update for python-urllib3 (EulerOS-SA-2021-2565)"},{"cve":"CVE-2020-26116","qid":"670848","title":"EulerOS Security Update for python3 (EulerOS-SA-2020-2419)"},{"cve":"CVE-2020-26116","qid":"750463","title":"OpenSUSE Security Update for python3 (openSUSE-SU-2020:2333-1)"},{"cve":"CVE-2020-26116","qid":"750464","title":"OpenSUSE Security Update for python3 (openSUSE-SU-2020:2332-1)"},{"cve":"CVE-2020-26116","qid":"750581","title":"OpenSUSE Security Update for python (openSUSE-SU-2020:1988-1)"},{"cve":"CVE-2020-26116","qid":"900127","title":"CBL-Mariner Linux Security Update for python3 3.7.7"},{"cve":"CVE-2020-26116","qid":"902956","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (3520)"},{"cve":"CVE-2020-26116","qid":"940187","title":"AlmaLinux Security Update for python3 (ALSA-2021:1633)"},{"cve":"CVE-2020-26116","qid":"940287","title":"AlmaLinux Security Update for python38:3.8 (ALSA-2021:1879)"},{"cve":"CVE-2020-26116","qid":"940311","title":"AlmaLinux Security Update for python27:2.7 (ALSA-2021:1761)"},{"cve":"CVE-2020-26116","qid":"960385","title":"Rocky Linux Security Update for python38:3.8 (RLSA-2021:1879)"},{"cve":"CVE-2020-26116","qid":"960420","title":"Rocky Linux Security Update for python27:2.7 (RLSA-2021:1761)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-26116","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://python-security.readthedocs.io/vuln/http-header-injection-method.html","refsource":"MISC","name":"https://python-security.readthedocs.io/vuln/http-header-injection-method.html"},{"url":"https://bugs.python.org/issue39603","refsource":"MISC","name":"https://bugs.python.org/issue39603"},{"refsource":"FEDORA","name":"FEDORA-2020-221823ebdd","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/"},{"refsource":"FEDORA","name":"FEDORA-2020-887d3fa26f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/"},{"refsource":"FEDORA","name":"FEDORA-2020-d30881c970","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"},{"refsource":"UBUNTU","name":"USN-4581-1","url":"https://usn.ubuntu.com/4581-1/"},{"refsource":"FEDORA","name":"FEDORA-2020-e33acdea18","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1859","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html"},{"refsource":"FEDORA","name":"FEDORA-2020-d42cb01973","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update","url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html"},{"refsource":"GENTOO","name":"GLSA-202101-18","url":"https://security.gentoo.org/glsa/202101-18"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20201023-0001/","url":"https://security.netapp.com/advisory/ntap-20201023-0001/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}]}},"nvd":{"publishedDate":"2020-09-27 04:15:00","lastModifiedDate":"2023-11-07 03:20:00","problem_types":["CWE-74"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.5.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"26116","Ordinal":"187535","Title":"CVE-2020-26116","CVE":"CVE-2020-26116","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"26116","Ordinal":"1","NoteData":"http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"26116","Ordinal":"2","NoteData":"2020-09-26","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"26116","Ordinal":"3","NoteData":"2021-10-20","Type":"Other","Title":"Modified"}]}}}