History: Feb 02, 2022 - 12:00 a.m.

K28622040 : Python vulnerability CVE-2019-9948

my.f5.com

AI Score: 9.6 (Confidence: High)

EPSS: 0.004 (Percentile: 72.8%)

Security Advisory Description

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. (CVE-2019-9948)
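The following is an added example, not code from the F5 advisory or from the Python project. It contrasts a filter that only rejects file: URLs with a scheme allowlist, to show which inputs slip through the former. The helper names, the http/https policy and the sample URLs are assumptions constructed for illustration.

```python
import re

# Example-only scheme extraction: the text before the first ':' provided it
# contains no '/', lower-cased. Hypothetical helper, not urllib's own code.
SCHEME_RE = re.compile(r'^([^/:]+):')

# Assumed policy for this example: only web fetches are legitimate.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def url_scheme(url):
    """Return the lower-cased scheme of url, or '' when none is present."""
    match = SCHEME_RE.match(url.strip())
    return match.group(1).lower() if match else ""


def denylist_permits(url):
    """Weak filter described in the advisory: reject only file: URLs."""
    return url_scheme(url) != "file"


def allowlist_permits(url):
    """Hardened filter: accept only explicitly approved schemes."""
    return url_scheme(url) in ALLOWED_SCHEMES


def filter_gap(urls):
    """URLs the denylist lets through but the allowlist rejects."""
    return [u for u in urls if denylist_permits(u) and not allowlist_permits(u)]


# Constructed sample inputs.
SAMPLE_URLS = [
    "https://example.com/feed.xml",   # legitimate fetch
    "file:///etc/passwd",             # caught by both filters
    "local_file:///etc/passwd",       # the scheme named in CVE-2019-9948
    " LOCAL_FILE:///etc/passwd",      # case and whitespace variant
    "/relative/path",                 # no scheme at all
]

if __name__ == "__main__":
    for url in filter_gap(SAMPLE_URLS):
        print("denylist would pass, allowlist rejects:", repr(url))
```

Validating the scheme before the URL reaches urllib does not depend on which handlers the interpreter's urllib happens to expose.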

Impact

A remote attacker can bypass restrictions on a vulnerable system to gain unauthorized access to resources and to modify files.