Advisories » MGASA-2021-0055

Updated python-urllib3 packages fix security vulnerability

Publication date: 25 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-26137

Description

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP
request method, as demonstrated by inserting CR and LF control characters in
the first argument of putrequest() (CVE-2020-26137).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27407
• https://ubuntu.com/security/notices/USN-4570-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137

SRPMS

7/core

• python-urllib3-1.24.3-1.2.mga7