正文

urllib3 注入漏洞

admin
admin V管理员 /0 评论 /12 阅读
0303
此篇文章发布距今已超过1168天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

urllib3 注入漏洞

  • CNNVD编号:CNNVD-202009-1751
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2020-26137
  • 漏洞类型: 注入
  • 发布时间: 2020-09-30
  • 威胁类型: 远程
  • 更新时间: 2021-10-21
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

urllib3是一款Python HTTP库。该产品具有线程安全连接池、文件发布支持等。

urllib3 1.25.9之前版本存在注入漏洞。该漏洞源于可以在putrequest()的第一个参数中插入CR和LF控制字符。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

参考网址

来源:UBUNTU

链接:https://usn.ubuntu.com/4570-1/

来源:MISC

链接:https://bugs.python.org/issue39603

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html

来源:MISC

链接:https://github.com/urllib3/urllib3/pull/1800

来源:MISC

链接:https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

来源:MISC

链接:https://www.oracle.com/security-alerts/cpuoct2021.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3614/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/161040/Red-Hat-Security-Advisory-2021-0079-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3446/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-python-docker-and-icp-affect-ibm-spectrum-discover/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0236/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1866

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0238/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1820

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2711

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159655/Red-Hat-Security-Advisory-2020-4299-01.html

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-26137

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1730

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/urllib3-information-disclosure-via-CRLF-Injection-33484

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4349/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2180

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163209/Red-Hat-Security-Advisory-2021-2479-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159472/Ubuntu-Security-Notice-USN-4570-1.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-urllib3-affects-ibm-spectrum-protect-container-and-microsoft-file-systems-agents-cve-2020-26137/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2849

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4310/

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021052042

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3244

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162638/Red-Hat-Security-Advisory-2021-1761-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2134

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/161036/Red-Hat-Security-Advisory-2021-0034-01.html

受影响实体

    暂无


补丁

  • urllib3 注入漏洞的修复措施
    <!--
    2020-9-30
    -->