Required CVE Record Information
Description
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
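An added example (not part of the CVE record or CPython's own code): a defensive wrapper that refuses URLs containing control characters such as '\r' and '\n' before they reach urllib.parse, so the result does not depend on whether the interpreter is patched. The names `strict_urlsplit`, `is_safe`, `urlsplit_keeps_crlf` and `UnsafeURLError`, the scheme allow-list, and the `example.test` URLs are assumptions made for illustration.

```python
from urllib.parse import SplitResult, urlsplit

# '\r' and '\n' are the characters the description names; rejecting every
# ASCII control character (0x00-0x1f, 0x7f) is an assumption of this example.
FORBIDDEN = frozenset(chr(c) for c in range(0x20)) | {"\x7f"}


class UnsafeURLError(ValueError):
    """Raised when a URL must not be handed to the parser or used downstream."""


def strict_urlsplit(url: str, allowed_schemes=("http", "https")) -> SplitResult:
    """Validate first, then parse; never rely on the parser to sanitize."""
    bad = sorted({ch for ch in url if ch in FORBIDDEN})
    if bad:
        raise UnsafeURLError(f"control characters in URL: {bad!r}")
    parts = urlsplit(url)
    if parts.scheme not in allowed_schemes:
        raise UnsafeURLError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeURLError("missing host")
    return parts


def is_safe(url: str) -> bool:
    """Boolean form of strict_urlsplit for filters and log triage."""
    try:
        strict_urlsplit(url)
    except UnsafeURLError:
        return False
    return True


def urlsplit_keeps_crlf() -> bool:
    """Self-check: True if this interpreter's urlsplit leaves CR/LF in the path."""
    path = urlsplit("http://example.test/a\r\nb").path
    return "\r" in path or "\n" in path


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = [
        "https://example.test/a/b?x=1",
        "https://example.test/a\r\nX-Constructed: 1",
        "ftp://example.test/file",
    ]
    for s in samples:
        print(repr(s), "->", "accept" if is_safe(s) else "reject")
    print("urlsplit keeps CR/LF on this interpreter:", urlsplit_keeps_crlf())
```
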
References 7 Total
- https://bugs.python.org/issue43882
- lists.fedoraproject.org: FEDORA-2022-ef99a016f6 vendor-advisory
- lists.fedoraproject.org: FEDORA-2022-18ad73aba6 vendor-advisory
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://security.netapp.com/advisory/ntap-20220225-0009/
- security.gentoo.org: GLSA-202305-02 vendor-advisory
- lists.debian.org: [debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update mailing-list
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- https://bugs.python.org/issue43882 x_transferred
- lists.fedoraproject.org: FEDORA-2022-ef99a016f6 vendor-advisory x_transferred
- lists.fedoraproject.org: FEDORA-2022-18ad73aba6 vendor-advisory x_transferred
- https://www.oracle.com/security-alerts/cpuapr2022.html x_transferred
- https://security.netapp.com/advisory/ntap-20220225-0009/ x_transferred
- security.gentoo.org: GLSA-202305-02 vendor-advisory x_transferred
- lists.debian.org: [debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update mailing-list x_transferred