CVE-2019-10160 — Encoding Error in Python

CWE-172 — Encoding Error CWE-522 — Insufficiently Protected Credentials17 documents8 sources

Severity

9.8CRITICALNVD

EPSS

1.8%

top 17.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Canonical Ubuntu Linux Debian Linux +9 more

Timeline

PublishedJun 7

Latest updateJul 11

Description

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the appl…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDpython/python2.7.0 — 2.7.17+4

▶CVEListV5python/pythonaffects 2.7, 3.5, 3.6, 3.7, >= v3.8.0a4 and < v3.8.0b1

▶NVDopensuse/leap15.0, 15.1+1

▶NVDredhat/virtualization4.0

▶NVDredhat/enterprise_linux_server7.0

Also affects: Debian Linux 8.0, 9.0, Fedora 29, 30, 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04, Enterprise Linux 7.6

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-379v-rm3f-c48g: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2↗2022-05-24

▶

OSV

CVE-2019-10160: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2↗2019-06-07

▶

CVEList

CVE-2019-10160: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2↗2019-06-07

▶

📋Vendor Advisories

Ubuntu

Python vulnerabilities↗2024-07-11

▶

Ubuntu

Python vulnerabilities↗2019-09-10

▶

Ubuntu

Python vulnerabilities↗2019-09-09

▶

Red Hat

python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc↗2019-06-03

▶

Debian

CVE-2019-10160: python2.7 - A security regression of CVE-2019-9636 was discovered in python since commit d53...↗2019

▶

💬Community

Bugzilla

CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc↗2019-07-24

▶

Bugzilla

CVE-2019-10160 python36: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [epel-7]↗2019-06-10

▶

Bugzilla

CVE-2019-10160 python35: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [fedora-all]↗2019-06-10

▶

Bugzilla

CVE-2019-10160 python34: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [fedora-all]↗2019-06-10

▶

Bugzilla

CVE-2019-10160 python3: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [fedora-all]↗2019-06-10

▶