Published: 23/03/2019 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 571

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

urllib in Python 2.x up to and including 2.7.16 supports the local_file: scheme, which makes it easier for remote malicious users to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python python
opensuse leap 42.3
opensuse leap 15.0
debian debian linux 8.0
debian debian linux 9.0
fedoraproject fedora 29
fedoraproject fedora 30
canonical ubuntu linux 18.04
canonical ubuntu linux 19.04
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 12.04
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux desktop 8.0
redhat enterprise linux workstation 8.0
redhat enterprise linux server 8.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux tus 8.2
redhat enterprise linux tus 8.4
redhat enterprise linux eus 8.4
redhat enterprise linux server eus 8.4
redhat enterprise linux eus 8.6
redhat enterprise linux tus 8.6

Several security issues were fixed in Python ...

Synopsis Important: python27-python security update Type/Severity Security Advisory: Important Topic An update for python27-python is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...

Synopsis Moderate: python27:27 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the python27:27 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Sco ...

Synopsis Moderate: python security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for python is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic An update for python is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic An update for python is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: python3 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for python3 is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ba ...

Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic An update for python is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP Solut ...

urllib in Python 2716 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urlliburlopen('local_file:///etc/passwd') call (CVE-2019-9948) ...

A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it ...

Impact: Moderate Public Date: 2019-03-23 CWE: CWE-358 Bugzilla: 1695570: CVE-2019-9948 python-urllib3: ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-22 https://github.com/python/cpython/pull/11842 https://bugs.python.org/issue35907 http://www.securityfocus.com/bid/107549 https://security.netapp.com/advisory/ntap-20190404-0004/http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html https://access.redhat.com/errata/RHSA-2019:1700 https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html https://access.redhat.com/errata/RHSA-2019:2030 https://usn.ubuntu.com/4127-2/https://usn.ubuntu.com/4127-1/https://seclists.org/bugtraq/2019/Oct/29 http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html https://access.redhat.com/errata/RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3520 https://security.gentoo.org/glsa/202003-26 https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E https://nvd.nist.gov https://usn.ubuntu.com/4127-2/https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

Get Started

CVE-2019-9948

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect