Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2022-0391
History: Feb 09, 2022 - 12:00 a.m.

CVE-2022-0391


CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.002
Percentile: 59.5%

A flaw was found in Python, specifically within the urllib.parse module.
This module helps break Uniform Resource Locator (URL) strings into
components. The issue involves how the urlparse method does not sanitize
input and allows characters like ‘\r’ and ‘\n’ in the URL path. This flaw
allows an attacker to input a crafted URL, leading to injection attacks.
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11
and 3.6.14.
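
A defensive wrapper for the parsing behaviour described above, added here as an example (it is not part of the Ubuntu advisory or of CPython): it rejects URLs containing ASCII control characters before they reach urlsplit, and probes whether the running interpreter still returns CR/LF in the path. The names find_control_chars, strict_urlsplit, parser_keeps_newlines and audit, and the example.test URLs, are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# ASCII control characters (covers \r, \n and \t) plus DEL.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "http://example.test/index.html",
    "http://example.test/a\r\nb",
    "http://example.test/a\tb",
]


def find_control_chars(url):
    """Return (offset, repr) for every control character in the raw URL."""
    return [(m.start(), repr(m.group())) for m in _CONTROL_CHARS.finditer(url)]


def strict_urlsplit(url):
    """Parse a URL, rejecting control characters outright instead of passing
    them through (unpatched urlsplit) or silently stripping CR/LF/tab
    (patched urlsplit)."""
    bad = find_control_chars(url)
    if bad:
        raise ValueError(f"control characters in URL at {bad}")
    return urlsplit(url)


def parser_keeps_newlines():
    """Behavioural probe: True if this interpreter's urlsplit still returns
    CR or LF in the path, i.e. it predates the fix."""
    path = urlsplit("http://example.test/a\r\nb").path
    return "\r" in path or "\n" in path


def audit(urls):
    """Map each URL to 'ok' or to the reason it was rejected."""
    results = {}
    for url in urls:
        try:
            strict_urlsplit(url)
            results[url] = "ok"
        except ValueError as exc:
            results[url] = str(exc)
    return results


if __name__ == "__main__":
    print("urlsplit keeps CR/LF:", parser_keeps_newlines())
    for url, verdict in audit(SAMPLES).items():
        print(repr(url), "->", verdict)
```

Rejecting at the boundary gives the same result on patched and unpatched interpreters, which matters on releases where the fix is not applied.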

Notes

Author: leosilva
Note: For python2.7 code affected, urlsplit is in Lib/urlparse.py. According to Debian, the fix for python3.5 causes regressions.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | python2.7 | < 2.7.17-1~18.04ubuntu1.7 | UNKNOWN |
| ubuntu | 20.04 | noarch | python2.7 | < 2.7.18-1~20.04.3+esm1 | UNKNOWN |
| ubuntu | 22.04 | noarch | python2.7 | < 2.7.18-13ubuntu1.1+esm2 | UNKNOWN |
| ubuntu | 14.04 | noarch | python2.7 | < 2.7.6-8ubuntu0.6+esm12 | UNKNOWN |
| ubuntu | 16.04 | noarch | python2.7 | < 2.7.12-1ubuntu0~16.04.18+esm1 | UNKNOWN |
| ubuntu | 14.04 | noarch | python3.4 | < 3.4.3-1ubuntu1~14.04.7+esm12 | UNKNOWN |
| ubuntu | 14.04 | noarch | python3.5 | < 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1 | UNKNOWN |
| ubuntu | 16.04 | noarch | python3.5 | < 3.5.2-2ubuntu0~16.04.13+esm2 | UNKNOWN |
| ubuntu | 18.04 | noarch | python3.6 | < 3.6.9-1~18.04ubuntu1.7 | UNKNOWN |
| ubuntu | 18.04 | noarch | python3.7 | < 3.7.5-2ubuntu1~18.04.2+esm3 | UNKNOWN |