CVE-2020-11078

MEDIUM Year: 2020
CVSS v3 Score
6.8
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-93
View all →

Vulnerability Description

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

Related Vulnerabilities

CVE-2016-9964

MEDIUM
CVSS:6.5(Medium)

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

CWE-932016

CVE-2018-6148

MEDIUM
CVSS:6.5(Medium)

Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CWE-932018

CVE-2022-31150

MEDIUM
CVSS:6.5(Medium)

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0....

CWE-932022

CVE-2023-34472

MEDIUM
CVSS:6.5(Medium)

AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of i...

CWE-932023

CVE-2024-53693

HIGH
CVSS:7.1(High)

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote att...

CWE-932024

CVE-2021-4097

MEDIUM
CVSS:6.3(Medium)

phpservermon is vulnerable to Improper Neutralization of CRLF Sequences

CWE-932021