CVE-2019-9636
Severity: 9.8 CRITICAL
EPSS: 11.5% (top 6.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 8
Latest update: Jul 11
Description
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than w…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages (8 packages)
Also affects: Debian Linux 8.0, 9.0, Fedora 28, 29, 30, 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04, Enterprise Linux 7.5, 8.0, 8.1, 8.2, 8.4, 8.6, 7.4, 5.6, Openshift Container Platform 3.11
Patches
Vulnerability Details
Vendor Advisories (3)
Red Hat (7)
Red Hat: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (2019-06-03)
Community
Bugzilla (16)
Bugzilla: CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (2019-07-24)
Bugzilla: CVE-2019-10160 python36: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [epel-7] (2019-06-10)
Bugzilla: CVE-2019-10160 python35: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [fedora-all] (2019-06-10)
Bugzilla: CVE-2019-10160 python34: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [fedora-all] (2019-06-10)
Bugzilla: CVE-2019-10160 python3: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc [fedora-all] (2019-06-10)