The host is installed with Python 2.7.x through 2.7.16, 3.5.x before 3.5.8, 3.6.x before 3.6.9 or 3.7.x before 3.7.4 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to validate a specially crafted URLs. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed.