Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-18348
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-23 Oct, 2019 | 17:15
Updated At-07 Nov, 2023 | 03:06

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Python Software Foundation
python
>>python>>Versions from 2.0(inclusive) to 2.7.17(inclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.0(inclusive) to 3.5.10(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.6.0(inclusive) to 3.6.11(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.7.0(inclusive) to 3.7.8(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.8.0(inclusive) to 3.8.3(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-74Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.htmlcve@mitre.org
Mailing List
Technical Description
https://bugs.python.org/issue30458#msg347282cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1727276cve@mitre.org
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.htmlcve@mitre.org
Mailing List
Technical Description
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/cve@mitre.org
N/A
https://security.netapp.com/advisory/ntap-20191107-0004/cve@mitre.org
Technical Description
https://usn.ubuntu.com/4333-1/cve@mitre.org
Technical Description
https://usn.ubuntu.com/4333-2/cve@mitre.org
Technical Description
https://www.oracle.com/security-alerts/cpuoct2020.htmlcve@mitre.org
Technical Description
Change History
0Changes found
Details not found