CVE-2020-26137 @ Pip-urllib3-1.25.7

[CxElks]

Vulnerable Package issue exists @ Pip-urllib3-1.25.7 in branch main

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Namespace: CxElks
Repository: ast-advanced-lab
Repository Url: https://github.com/CxElks/ast-advanced-lab
CxAST-Project: CxElks/ast-advanced-lab
CxAST platform scan: e8bafc71-6e6e-4969-9cea-fb8a74a872c3
Branch: main
Application: ast-advanced-lab
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-74

---

Addition Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 1.26.5

---

References
Issue
Pull request
Commit
Advisory