7.5
CVSSv3

CVE-2021-3737

Published: 04/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. (CVE-2020-27619) The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. (CVE-2021-23336) There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. (CVE-2021-3733) A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. (CVE-2021-3737) ftplib should not use the host from the PASV response (CVE-2021-4189) A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like r and n in the URL path. This flaw allows an malicious user to input a crafted URL, leading to injection attacks. (CVE-2022-0391)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python python

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

redhat enterprise linux for power little endian 8.0

redhat enterprise linux for ibm z systems 8.0

redhat codeready linux builder for ibm z systems 8.0

redhat codeready linux builder for power little endian 8.0

redhat codeready linux builder 8.0

fedoraproject fedora 33

fedoraproject fedora 34

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

canonical ubuntu linux 21.04

netapp ontap select deploy administration utility -

netapp hci -

netapp management services for element software -

netapp netapp xcp smb -

netapp xcp nfs -

oracle communications cloud native core binding support function 22.1.3

oracle communications cloud native core policy 22.2.0

oracle communications cloud native core network exposure function 22.1.1

Vendor Advisories

In Python3's Lib/test/multibytecodec_supportpy CJK codec tests call eval() on content retrieved via HTTP (CVE-2020-27619) The package python/cpython is vulnerable to Web Cache Poisoning via urllibparseparse_qsl and urllibparseparse_qs by using a vector called parameter cloaking When the attacker can separate query parameters using a semicolo ...
In Python3's Lib/test/multibytecodec_supportpy CJK codec tests call eval() on content retrieved via HTTP (CVE-2020-27619) The package python/cpython is vulnerable to Web Cache Poisoning via urllibparseparse_qsl and urllibparseparse_qs by using a vector called parameter cloaking When the attacker can separate query parameters using a semicolo ...
Synopsis Moderate: python27:27 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the python27:27 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this ...
Synopsis Moderate: python3 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python3 is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Synopsis Important: Red Hat Advanced Cluster Management 25 security updates, images, and bug fixes Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 250 is now generally availableRed Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability ...
Synopsis Important: RHACS 368 security update Type/Severity Security Advisory: Important Topic Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS) The updated image includes bug and security fixesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Synopsis Moderate: ACS 370 enhancement and security update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat Advanced Cluster Security forKubernetes (RHACS) The updated image includes bug fixes and featureimprovementsRed Hat Product Security has rated this update as having a security impact of Mod ...
Synopsis Important: RHACS 369 security update Type/Severity Security Advisory: Important Topic Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS) The updated image includes bug and security fixesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Synopsis Moderate: python27-python and python27-python-pip security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python27-python and python27-python-pip is now available for Red Hat Software Collect ...
Synopsis Important: Red Hat OpenShift Service Mesh 213 Containers security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh 213Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis Important: Release of containers for OSP 162z director operator tech preview Type/Severity Security Advisory: Important Topic Red Hat OpenStack Platform 162 (Train) director operator containers, with several Important security fixes, are available for technology preview Description Release osp-director-operator imagesSecurity F ...
Synopsis Moderate: Release of OpenShift Serverless Version 1221 Type/Severity Security Advisory: Moderate Topic OpenShift Serverless version 1221 contains a moderate security impactThe References section contains CVE links providing detailed severity ratings for each vulnerability Ratings are based on a Common Vulnerability Scoring Syst ...
Synopsis Important: OpenShift Virtualization 4110 Images security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4110 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a secur ...
Synopsis Moderate: Cryostat 211: new Cryostat on RHEL 8 container images Type/Severity Security Advisory: Moderate Topic New Cryostat 211 on RHEL 8 container images are now available Description New Cryostat 211 on RHEL 8 container images have been released, containing bug fixes and addressing the following security vulnerabilities: C ...
Synopsis Moderate: OpenShift Container Platform 4110 extras and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...
Synopsis Important: Migration Toolkit for Containers (MTC) 174 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 174 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis Moderate: Migration Toolkit for Containers (MTC) 172 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 172 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 15 in openshift-gitops-argocd containerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Moderate: Migration Toolkit for Containers (MTC) 165 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 165 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 13 in openshift-gitops-argocd containerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
概述 Moderate: Red Hat Advanced Cluster Management 2311 security updates and bug fixes 类型/严重性 Security Advisory: Moderate 标题 Red Hat Advanced Cluster Management for Kubernetes 2311 generalavailability release images, which provide security updates and bug fixesRed Hat Product Security has rated this update as having a sec ...
Synopsis Important: OpenShift Container Platform 4110 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 13 in openshift-gitops-argocd containerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 14 in openshift-gitops-argocd containerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Moderate: Red Hat Advanced Cluster Management 245 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 245 GeneralAvailability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security ...