Information disclosure vulnerability in Python via a specially crafted URLs - CVE-2019-10160ID: oval:org.secpod.oval:def:71317 | Date: (C)2021-04-21 (M)2024-04-17 |
Class: VULNERABILITY | Family: windows |
The host is installed with Python 2.7.x through 2.7.16, 3.5.x before 3.5.8, 3.6.x before 3.6.9 or 3.7.x before 3.7.4 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to validate a specially crafted URLs. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2008 |
Microsoft Windows 7 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |