CVE-2020-26116

Posted on 2020년 9월 27일2020년 9월 27일 by admin

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Source: CVE-2020-26116

답글 남기기 응답 취소