CVE-2019-9947 -- python2.7, python3.4, python3.5, python3.6, python3.7| ID: oval:org.secpod.oval:def:1901767 | Date: (C)2019-06-25 (M)2023-12-20 |
| Class: VULNERABILITY | Family: unix |
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.
| Platform: |
| Ubuntu 16.04 |
| Ubuntu 18.10 |
| Ubuntu 14.04 |
| Ubuntu 18.04 |
| Product: |
| python2.7 |
| python3.4 |
| python3.5 |
| python3.6 |
| python3.7 |
