Apr 07, 2022 - 12:00 a.m.

ROS-20220407-03

2022-04-07 00:00:00
redos.red-soft.ru

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 59.0%

A vulnerability in the Python FTP (File Transfer Protocol) client library is caused by insufficient validation of user input data when the library is used in PASV (passive) mode. Exploitation of the vulnerability could allow a remote attacker to set up a malicious FTP server and trick a Python FTP client into connecting to a given IP address and port, which could result in port scanning by the FTP client.

A vulnerability in the urllib.parse module of Python is caused by insufficient validation of data provided by the attacker. Exploitation of the vulnerability could allow a remote attacker to pass specially crafted data containing CR-LF characters to an application and change the application's behavior.
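A behavioural check for both issues described above, useful where a distribution backports fixes and the version string alone is not conclusive. This is an added example, not part of the advisory: the helper names and addresses are constructed, no network traffic is sent, and it assumes the installed fix behaves like upstream CPython's (the `trust_server_pasv_ipv4_address` attribute in `ftplib`, and CR/LF stripping in `urlsplit`).

```python
import ftplib
import socket
from urllib.parse import urlsplit

CONTROL_PEER = "192.0.2.10"  # constructed: address of the server we "connected" to
# Constructed PASV reply that advertises a different host (198.51.100.7), port 22.
PASV_REPLY = "227 Entering Passive Mode (198,51,100,7,0,22)"


class _StubSocket:
    """Stands in for the control connection; nothing is sent on the wire."""

    def getpeername(self):
        return (CONTROL_PEER, 21)


class _ProbeFTP(ftplib.FTP):
    """FTP client whose PASV command returns the constructed reply."""

    def sendcmd(self, cmd):
        return PASV_REPLY


def pasv_target(trust_server=False):
    """Return the (host, port) ftplib would use for the data connection."""
    ftp = _ProbeFTP()            # no host given, so no connection is attempted
    ftp.sock = _StubSocket()
    ftp.af = socket.AF_INET
    ftp.trust_server_pasv_ipv4_address = trust_server
    return ftp.makepasv()        # internal helper used by ntransfercmd()


def ftplib_ignores_pasv_host():
    """True if the data connection goes to the control peer, not the advertised host."""
    return pasv_target()[0] == CONTROL_PEER


def urlsplit_strips_crlf():
    """True if urlsplit() drops CR and LF instead of passing them through."""
    url = urlsplit("http://example.com/path\r\nX-Injected: 1").geturl()
    return "\r" not in url and "\n" not in url


if __name__ == "__main__":
    print("ftplib ignores server-supplied PASV host:", ftplib_ignores_pasv_host())
    print("urlsplit strips CR/LF:", urlsplit_strips_crlf())
```

A `False` from either function means the interpreter still shows the behaviour the advisory describes and the python3 package should be updated.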

OS     Version  Architecture  Package  Version      Filename
redos  7.3      x86_64        python3  <= 3.8.2-13  UNKNOWN
