Lucene search

K
nvd[email protected]NVD:CVE-2022-0391
HistoryFeb 09, 2022 - 11:15 p.m.

CVE-2022-0391

2022-02-0923:15:16
CWE-74
web.nvd.nist.gov
1

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

59.5%

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘\r’ and ‘\n’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Affected configurations

NVD
Node
pythonpythonRange<3.6.14
OR
pythonpythonRange3.7.03.7.11
OR
pythonpythonRange3.8.03.8.11
OR
pythonpythonRange3.9.03.9.5
OR
pythonpythonMatch3.10.0alpha1
OR
pythonpythonMatch3.10.0alpha2
OR
pythonpythonMatch3.10.0alpha3
OR
pythonpythonMatch3.10.0alpha4
OR
pythonpythonMatch3.10.0alpha5
OR
pythonpythonMatch3.10.0alpha6
Node
netappactive_iq_unified_managerMatch-vsphere
OR
netapphciMatch-
OR
netappmanagement_services_for_element_softwareMatch-
OR
netappontap_select_deploy_administration_utilityMatch-
OR
netappsolidfire\,_enterprise_sds_\&_hci_storage_nodeMatch-
OR
netapphci_compute_nodeMatch-
Node
fedoraprojectfedoraMatch34
OR
fedoraprojectfedoraMatch35
Node
oraclehttp_serverMatch12.2.1.3.0
OR
oraclehttp_serverMatch12.2.1.4.0
OR
oraclezfs_storage_appliance_kitMatch8.8

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

59.5%