47 matches found

RedHat Linux
added 2021/08/24 12:50 p.m. · 1 view

python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client, such as a web browser, connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sen...

CVSS 6.5 · AI score 6.9 · EPSS 0.00629
Exploits: 1 · References: 8

RedHat Linux
added 2020/04/14 5:56 p.m. · 4 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 2 · References: 4

RedHat Linux
added 2020/04/07 9:36 a.m. · 3 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 2 · References: 4

RedHat Linux
added 2020/04/01 8:39 a.m. · 4 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 1 · References: 4

RedHat Linux
added 2020/04/01 8:39 a.m. · 2 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 2 · References: 4

RedHat Linux
added 2019/11/05 8:59 p.m. · 0 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 1 · References: 4

OSV
added 2019/10/23 5:15 p.m. · 1 view

ALPINE-CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

CVSS 6.1 · AI score 8.9 · EPSS 0.02672
Exploits: 0 · References: 1

OSV
added 2019/10/23 5:15 p.m. · 1 view

DEBIAN-CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

CVSS 6.1 · AI score 6.8 · EPSS 0.02672
Exploits: 0 · References: 1

RedHat Linux
added 2019/08/06 12:52 p.m. · 4 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 2 · References: 4

RedHat Linux
added 2019/05/22 12:3 p.m. · 2 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 2 · References: 4

RedHat Linux
added 2019/05/22 12:3 p.m. · 4 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 6.7 · EPSS 0.0991
Exploits: 1 · References: 4

CNVD
added 2019/05/20 12:0 a.m. · 1 view

Anaconda has an arbitrary file read vulnerability

Anaconda is an open source Python distribution that contains more than 180 scientific packages such as conda, Python, and their dependencies. Python urllib in Anaconda for Linux suffers from an arbitrary file read vulnerability. An attacker can exploit this vulnerability to read arbitrary fil...

AI score 6.9
Exploits: 0

myhack58
added 2019/03/30 12:0 a.m. · 227 views

Cisco releases a large number of patches, fixing IOS XE and small business router vulnerabilities

On Wednesday, Cisco Systems Inc. released 26 patches, including bug fixes for its IOS XE operating system and for two small business routers, the RV320 and RV325. Cisco rated a total of 19 of the vulnerabilities as high severity; the other vulnerabilities were rated medium. In the high severity...

CVSS 10 · AI score 1.8 · EPSS 0.94429
Exploits: 13

OSV
added 2019/03/23 6:29 p.m. · 1 view

DEBIAN-CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 · AI score 7.5 · EPSS 0.01161
Exploits: 1 · References: 1

Positive Technologies
added 2019/03/23 12:0 a.m. · 2 views

PT-2019-4685 · Redis +9 · Redis +11

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16; Python versions 3.x through 3.7.3. Description: An issue in the urllib2 and urllib modules allows for CRLF injection if an attacker controls a url parameter. This can be demonstrated by the first argument to...

CVSS 10 · AI score 6.7 · EPSS 0.91789
Exploits: 128 · References: 1004

Positive Technologies
added 2019/03/23 12:0 a.m. · 2 views

PT-2019-2028 · Python +8 · Python +8

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16. Description: The issue is related to the urllib module in Python, which supports the local_file: scheme. This makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. A...

CVSS 10 · AI score 6.4 · EPSS 0.71492
Exploits: 72 · References: 435

OSV
added 2019/03/23 12:0 a.m. · 1 view

UBUNTU-CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

CVSS 9.1 · AI score 6.8 · EPSS 0.00918
Exploits: 1 · References: 6

Prion
added 2019/03/13 3:29 a.m. · 28 views

CRLF injection

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 4.3 · AI score 7.4 · EPSS 0.0991
Exploits: 1 · References: 29 · Affected Software: 1

OSV
added 2019/03/13 3:29 a.m. · 1 view

DEBIAN-CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 7.5 · EPSS 0.0991
Exploits: 1 · References: 1

EUVD
added 2019/03/13 3:0 a.m. · 1 view

EUVD-2019-19103

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 · AI score 7.6 · EPSS 0.0991
Exploits: 1 · References: 38