id|hash_kind|hash|updater|name|description|issued|links|severity|normalized_severity|package_name|package_version|package_module|package_arch|package_kind|dist_id|dist_name|dist_version|dist_version_code_name|dist_version_id|dist_arch|dist_cpe|dist_pretty_name|repo_name|repo_key|repo_uri|fixed_in_version|arch_operation|vulnerable_range|version_kind
109928|md5|\xc3447eede7cea355856ede7a8cec1f9c|debian-buster-updater|CVE-2020-26137|urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.|0001-01-01 00:00:00+00|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137||Unknown|python-urllib3||||binary|debian|Debian GNU/Linux|10 (buster)|buster|10|||Debian GNU/Linux 10 (buster)||||0:0|invalid|empty|
123161|md5|\x4b7c8d2ab1caf4bbf915ff2f829b926d|debian-stretch-updater|CVE-2020-26137|urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.|0001-01-01 00:00:00+00|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137||Unknown|python-urllib3||||binary|debian|Debian GNU/Linux|9 (stretch)|stretch|9|||Debian GNU/Linux 9 (stretch)||||0:1.19.1-1+deb9u1|invalid|empty|
(2 rows)