Lucene search

CVE-2019-18348

🗓️ 23 Oct 2019 17:12:15Reported by Alpine Linux Development TeamType

alpinelinux🔗 security.alpinelinux.org👁 60 Views

An issue in Python versions 2.x and 3.x allows CRLF injection via a url parameter, leading to potential HTTP header manipulation

Reporter	Title	Published	Views	Family All 199
Debian CVE	CVE-2019-18348	23 Oct 201917:15	–	debiancve
Debian CVE	CVE-2019-9947	23 Mar 201918:29	–	debiancve
Debian CVE	CVE-2016-10739	21 Jan 201919:29	–	debiancve
Debian CVE	CVE-2019-9740	13 Mar 201903:29	–	debiancve
OSV	CVE-2019-18348	23 Oct 201917:15	–	osv
OSV	CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()	23 Oct 201916:31	–	osv
OSV	CVE-2019-9947	23 Mar 201918:29	–	osv
OSV	HTTP Header Injection (follow-up of CVE-2016-5699)	23 Mar 201917:06	–	osv
OSV	RHSA-2020:1462 Red Hat Security Advisory: python security update	13 Sep 202422:02	–	osv
OSV	python3.4 - security update	24 Jun 201900:00	–	osv

OS	OS Version	Architecture	Package	Package Version	Filename
Alpine	3.10-community	noarch	python2-tkinter	2.7.18-r0	UNKNOWN
Alpine	3.10-main	noarch	python2	2.7.18-r0	UNKNOWN
Alpine	3.11-community	noarch	python2-tkinter	2.7.18-r0	UNKNOWN
Alpine	3.11-main	noarch	python2	2.7.18-r0	UNKNOWN
Alpine	3.12-main	noarch	python2	2.7.18-r0	UNKNOWN
Alpine	3.13-community	noarch	python2	2.7.18-r0	UNKNOWN
Alpine	3.14-community	noarch	python2	2.7.18-r0	UNKNOWN
Alpine	3.15-community	noarch	python2	2.7.18-r0	UNKNOWN
Alpine	3.9-main	noarch	python2	2.7.18-r0	UNKNOWN

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Oct 2019 17:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS24.3

CVSS36.1

EPSS0.00447

1. python 2. crlf injection 2. python 3. crlf injection 3. urllib2 4. urllib 5. http header manipulation 6. glibc vulnerability 7. cve-2019-18348 8. unix