CVE-2020-26137 – python-urllib3: CRLF injection via HTTP request method
https://notcve.org/view.php?id=CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

A flaw was found in python-urllib3. HTTPConnection.request() does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity.

• https://bugs.python.org/issue39603
• https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
• https://github.com/urllib3/urllib3/pull/1800
• https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
• https://usn.ubuntu.com/4570-1
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://access.redhat.com/security/cve/CVE-2020-26137

• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2020-26116 – python: CRLF injection via HTTP request method in httplib/http.client
https://notcve.org/view.php?id=CVE-2020-26116
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

A flaw was found in Python. The built-in modules httplib and http.client (included in Python 2 and Python 3, respectively) do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity.

• http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html
• https://bugs.python.org/issue39603
• https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html
• https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD
• https://lists.fedoraproject.org/

• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2020-15141 – Path Traversal in openapi-python-client
https://notcve.org/view.php?id=CVE-2020-15141
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generates a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.

• https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
• https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746
• https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj
• https://pypi.org/project/openapi-python-client

• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-15142 – Arbitrary Code Generation
https://notcve.org/view.php?id=CVE-2020-15142
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.

• https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13
• https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a
• https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f
• https://pypi.org/project/openapi-python-client

• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2020-15801
https://notcve.org/view.php?id=CVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

• https://bugs.python.org/issue41304
• https://github.com/python/cpython/pull/21495
• https://security.netapp.com/advisory/ntap-20200731-0003

• CWE-426: Untrusted Search Path