ALPINE-CVE-2020-26137
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 30 Sept 2020, 18:15
Last modified:03 Dec 2025, 22:49
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
30 Sept 2020, 18:15
Published
Vulnerability first disclosed
03 Dec 2025, 22:49
Last Modified
Vulnerability information updated
Description
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Systems
- alpine•py3-urllib3
< 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0 | < 1.25.9-r0