CVE-2020-26137 @ Python-urllib3-1.25.7

[cx-tatianab]

Vulnerable Package issue exists @ Python-urllib3-1.25.7 in branch main

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Namespace: cx-tatianab
Repository: cxone-advanced-lab
Repository Url: https://github.com/cx-tatianab/cxone-advanced-lab
CxAST-Project: cx-tatianab/cxone-advanced-lab
CxAST platform scan: f48a8601-7787-4317-9a43-352045cff082
Branch: main
Application: cxone-advanced-lab
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-74

---

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 1.26.5

---

References
Issue
Pull request
Commit
Advisory