CVE-2019-9947 -- python2.7, python3.4, python3.5, python3.6, python3.7ID: oval:org.secpod.oval:def:1901767 | Date: (C)2019-06-25 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.
Platform: |
Ubuntu 16.04 |
Ubuntu 18.10 |
Ubuntu 14.04 |
Ubuntu 18.04 |
Product: |
python2.7 |
python3.4 |
python3.5 |
python3.6 |
python3.7 |