Endpoint Vulnerability

CVE-2019-18348 python: CRLF injection via the host part of the URL passed to urlopen()

Description

A CRLF injection flaw was discovered in Python in the way URLs are handled when making an HTTP/HTTPS connection (e.g. through urlopen() or HTTPConnection). An attacker who can control the url parameter passed to the urlopen() method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by abusing the 'host' part of the URL.
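
A caller-side check for the issue described above, as an added example that is not part of the original advisory or of CPython: it rejects a URL whose host could carry CR/LF, raw or percent-encoded, before the URL reaches urlopen(). It is written for Python 3; the names check_url, is_safe and UnsafeURLError are hypothetical, and the http/https-only scheme list and ASCII-only host rule are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web fetches are expected
# CR, LF and every other ASCII control character, plus space and DEL.
_CONTROL = re.compile(r"[\x00-\x20\x7f]")
# Plain ASCII DNS name: letters, digits, hyphens and dots only.
_DNS_NAME = re.compile(r"[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?\.?")


class UnsafeURLError(ValueError):
    """The URL must not be handed to urlopen() or HTTPConnection."""


def check_url(url):
    """Return url unchanged if its scheme and host are acceptable, else raise."""
    # Inspect the raw string before parsing: recent urlsplit() versions strip
    # tab, CR and LF, which would hide the injected bytes from later checks.
    if _CONTROL.search(url):
        raise UnsafeURLError("control character or whitespace in URL")
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:  # e.g. malformed IPv6 brackets
        raise UnsafeURLError(str(exc)) from exc
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UnsafeURLError("scheme not allowed: %r" % parts.scheme)
    if not host:
        raise UnsafeURLError("URL has no host")
    # A percent-encoded CR/LF passes the raw check, so refuse any '%' in the
    # host (this also refuses IPv6 zone identifiers).
    if "%" in host:
        raise UnsafeURLError("percent sign in host")
    if not _DNS_NAME.fullmatch(host):
        try:
            ipaddress.ip_address(host)  # IPv4 or bracket-stripped IPv6 literal
        except ValueError:
            raise UnsafeURLError("host is not a DNS name or IP literal") from None
    return url


def is_safe(url):
    """Boolean wrapper around check_url() for filtering and logging."""
    try:
        check_url(url)
        return True
    except UnsafeURLError:
        return False
```
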

Affected Products

python

References

CVE-2019-18348