Show plain JSON{"affected_release": [{"advisory": "RHSA-2022:5235", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-0:2.7.5-92.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2021:1633", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-37.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1761", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python27:2.7-8040020210122160212.cdb2db54", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1879", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38:3.8-8040020210128125034.b1b639b6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1633", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-37.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:3366", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "python3-0:3.6.8-24.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-python36-python-0:3.6.12-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-python36-python-pip-0:9.0.1-5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-0:2.7.18-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-pip-0:8.1.2-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-virtualenv-0:13.1.0-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-0:3.6.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-pip-0:9.0.1-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-psutil-0:5.6.4-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-0:2.7.18-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-pip-0:8.1.2-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-virtualenv-0:13.1.0-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-0:3.6.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-pip-0:9.0.1-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-psutil-0:5.6.4-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-0:2.7.18-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-pip-0:8.1.2-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4273", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "python27-python-virtualenv-0:13.1.0-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-0:3.6.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-pip-0:9.0.1-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-psutil-0:5.6.4-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}], "bugzilla": {"description": "python: CRLF injection via HTTP request method in httplib/http.client", "id": "1883014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883014"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-113", "details": ["http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.", "A flaw was found in Python. The built-in modules httplib and http.client (included in Python 2 and Python 3, respectively) do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity."], "name": "CVE-2020-26116", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay", "product_name": "Red Hat Quay 3"}], "public_date": "2020-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-26116\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26116\nhttps://python-security.readthedocs.io/vuln/http-header-injection-method.html"], "statement": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.", "threat_severity": "Moderate"}