[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9740":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":38,"downstream":39,"duplicates":104,"related":105,"reserved_at":9,"published_at":121,"modified_at":122,"state":123,"summary":124,"references_raw":132,"kevs":265,"epss":266,"epss_history":269,"metrics":526,"affected":537},"CVE-2019-9740","An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-93","Improper Neutralization of CRLF Sequences ('CRLF Injection')","The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-15","Command Delimiters",[],{"id":24,"name":25,"techniques":26},"CAPEC-81","Web Server Logs Tampering",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_5CDDBAC11CA26778","Exploit Reference (bugs.python.org)","reference","https://bugs.python.org/issue36276","unknown",0.2,false,[],[],[],[40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102],{"_key":41},"SUSE-SU-2019:2391-1",{"_key":43},"SUSE-SU-2020:3624-1",{"_key":45},"RHSA-2019:3520",{"_key":47},"OPENSUSE-SU-2024:14128-1",{"_key":49},"SUSE-SU-2019:2267-1",{"_key":51},"SUSE-SU-2019:2300-1",{"_key":53},"SUSE-SU-2019:2331-1",{"_key":55},"SUSE-SU-2019:2332-1",{"_key":57},"SUSE-SU-2019:2370-1",{"_key":59},"SUSE-SU-2019:2399-1",{"_key":61},"OPENSUSE-SU-2019:2131-1",{"_key":63},"OPENSUSE-SU-2019:2133-1",{"_key":65},"OPENSUSE-SU-2024:11204-1",{"_key":67},"OPENSUSE-SU-2024:11277-1",{"_key":69},"OPENSUSE-SU-2024:14055-1",{"_key":71},"RHSA-2019:1260",{"_key":73},"RHSA-2019:2030",{"_key":75},"RHSA-2019:3725",{"_key":77},"RHSA-2020:1268",{"_key":79},"RHSA-2020:1346",{"_key":81},"RHSA-2020:1462",{"_key":83},"DLA-1834-1",{"_key":85},"DLA-1835-1",{"_key":87},"DLA-2280-1",{"_key":89},"DLA-2337-1",{"_key":91},"RHSA-2019:3335",{"_key":93},"MGASA-2019-0318",{"_key":95},"UBUNTU-CVE-2019-9740",{"_key":97},"USN-4127-1",{"_key":99},"USN-4127-2",{"_key":101},"DEBIAN-CVE-2019-9740",{"_key":103},"USN-6891-1",[],[106,107,108,109,110,111,112,113,114,115,116,117,118,119,120],{"_key":41},{"_key":43},{"_key":47},{"_key":93},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},"2019-03-13T03:00:00.000Z","2024-08-04T22:01:54.079Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":125,"epss_score":126,"severity":127,"severity_score":128,"severity_version":129,"severity_source":130,"severity_vector":131,"severity_status":123},"low",0.0991,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[133,141,147,152,156,162,166,170,174,178,182,187,192,196,200,205,209,213,217,221,225,229,234,238,242,247,251,255,260],{"url":134,"sources":135,"tags":137},"http://www.securityfocus.com/bid/107466",[136,130],"cve.org",[138,139,140],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":142,"sources":143,"tags":144},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/",[136,130],[145,146],"Vendor Advisory","X Refsource FEDORA",{"url":148,"sources":149,"tags":150},"https://access.redhat.com/errata/RHSA-2019:1260",[136,130],[145,151,140],"X Refsource REDHAT",{"url":153,"sources":154,"tags":155},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",[136,130],[145,146],{"url":157,"sources":158,"tags":159},"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",[136,130],[160,161,140],"Mailing List","X Refsource MLIST",{"url":163,"sources":164,"tags":165},"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html",[136,130],[160,161,140],{"url":167,"sources":168,"tags":169},"https://lists.debian.org/debian-lts-announce/2019/06/msg00026.html",[136,130],[160,161,140],{"url":171,"sources":172,"tags":173},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/",[136,130],[145,146],{"url":175,"sources":176,"tags":177},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/",[136,130],[145,146],{"url":179,"sources":180,"tags":181},"https://access.redhat.com/errata/RHSA-2019:2030",[136,130],[145,151,140],{"url":183,"sources":184,"tags":185},"https://usn.ubuntu.com/4127-2/",[136,130],[145,186,140],"X Refsource UBUNTU",{"url":188,"sources":189,"tags":190},"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html",[136,130],[145,191,160,140],"X Refsource SUSE",{"url":193,"sources":194,"tags":195},"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html",[136,130],[145,191,160,140],{"url":197,"sources":198,"tags":199},"https://usn.ubuntu.com/4127-1/",[136,130],[145,186,140],{"url":201,"sources":202,"tags":203},"https://seclists.org/bugtraq/2019/Oct/29",[136,130],[160,204,140],"X Refsource BUGTRAQ",{"url":206,"sources":207,"tags":208},"https://access.redhat.com/errata/RHSA-2019:3335",[136,130],[145,151,140],{"url":210,"sources":211,"tags":212},"https://access.redhat.com/errata/RHSA-2019:3520",[136,130],[145,151,140],{"url":214,"sources":215,"tags":216},"https://access.redhat.com/errata/RHSA-2019:3725",[136,130],[145,151,140],{"url":218,"sources":219,"tags":220},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/",[136,130],[145,146],{"url":222,"sources":223,"tags":224},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/",[136,130],[145,146],{"url":226,"sources":227,"tags":228},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/",[136,130],[145,146],{"url":230,"sources":231,"tags":232},"https://security.gentoo.org/glsa/202003-26",[136,130],[145,233,140],"X Refsource GENTOO",{"url":235,"sources":236,"tags":237},"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html",[136,130],[160,161,140],{"url":239,"sources":240,"tags":241},"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html",[136,130],[160,161,140],{"url":243,"sources":244,"tags":245},"http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html",[136,130],[246,140,138],"X Refsource MISC",{"url":248,"sources":249,"tags":250},"http://www.openwall.com/lists/oss-security/2021/02/04/2",[136,130],[160,161,140],{"url":252,"sources":253,"tags":254},"https://www.oracle.com/security-alerts/cpujul2022.html",[136,130],[246,140],{"url":32,"sources":256,"tags":257},[136,130],[246,258,259,145],"Exploit","Issue Tracking",{"url":261,"sources":262,"tags":263},"https://security.netapp.com/advisory/ntap-20190619-0005/",[136,130],[264,140],"X Refsource CONFIRM",[],{"date":267,"score":126,"percentile":268},"2026-06-04",0.93153,[270,274,277,280,283,285,288,290,293,296,299,302,305,307,310,314,317,320,324,328,331,334,337,339,341,343,345,348,351,354,357,360,363,366,368,371,373,377,380,383,386,389,392,395,398,402,405,408,410,413,416,419,422,425,429,432,435,437,440,443,446,449,452,454,457,460,462,465,468,471,473,475,478,480,483,486,489,492,494,497,500,503,506,508,510,513,516,519,521,523],{"date":271,"score":272,"percentile":273},"2025-11-04",0.11774,0.93397,{"date":275,"score":272,"percentile":276},"2025-11-05",0.93396,{"date":278,"score":272,"percentile":279},"2025-11-06",0.93398,{"date":281,"score":272,"percentile":282},"2025-11-07",0.93402,{"date":284,"score":272,"percentile":282},"2025-11-08",{"date":286,"score":272,"percentile":287},"2025-11-09",0.934,{"date":289,"score":272,"percentile":287},"2025-11-10",{"date":291,"score":272,"percentile":292},"2025-11-11",0.93403,{"date":294,"score":272,"percentile":295},"2025-11-12",0.93409,{"date":297,"score":272,"percentile":298},"2025-11-13",0.93412,{"date":300,"score":272,"percentile":301},"2025-11-14",0.93414,{"date":303,"score":272,"percentile":304},"2025-11-15",0.93408,{"date":306,"score":272,"percentile":298},"2025-11-16",{"date":308,"score":272,"percentile":309},"2025-11-17",0.9341,{"date":311,"score":312,"percentile":313},"2025-11-18",0.05071,0.88749,{"date":315,"score":312,"percentile":316},"2025-11-19",0.88753,{"date":318,"score":312,"percentile":319},"2025-11-20",0.88757,{"date":321,"score":322,"percentile":323},"2025-11-21",0.11892,0.93458,{"date":325,"score":326,"percentile":327},"2025-11-22",0.12053,0.93502,{"date":329,"score":326,"percentile":330},"2025-11-23",0.93506,{"date":332,"score":326,"percentile":333},"2025-11-24",0.93507,{"date":335,"score":326,"percentile":336},"2025-11-25",0.93509,{"date":338,"score":326,"percentile":333},"2025-11-26",{"date":340,"score":326,"percentile":336},"2025-11-27",{"date":342,"score":326,"percentile":327},"2025-11-28",{"date":344,"score":326,"percentile":336},"2025-11-29",{"date":346,"score":326,"percentile":347},"2025-11-30",0.93508,{"date":349,"score":326,"percentile":350},"2025-12-01",0.93552,{"date":352,"score":326,"percentile":353},"2025-12-02",0.93556,{"date":355,"score":326,"percentile":356},"2025-12-03",0.93558,{"date":358,"score":326,"percentile":359},"2025-12-04",0.93512,{"date":361,"score":272,"percentile":362},"2025-12-05",0.93432,{"date":364,"score":272,"percentile":365},"2025-12-06",0.93431,{"date":367,"score":272,"percentile":362},"2025-12-07",{"date":369,"score":272,"percentile":370},"2025-12-08",0.93435,{"date":372,"score":272,"percentile":370},"2025-12-09",{"date":374,"score":375,"percentile":376},"2025-12-10",0.10079,0.92822,{"date":378,"score":375,"percentile":379},"2025-12-11",0.92824,{"date":381,"score":375,"percentile":382},"2025-12-12",0.92828,{"date":384,"score":375,"percentile":385},"2025-12-13",0.92817,{"date":387,"score":375,"percentile":388},"2025-12-14",0.92814,{"date":390,"score":375,"percentile":391},"2025-12-15",0.92818,{"date":393,"score":375,"percentile":394},"2025-12-16",0.92827,{"date":396,"score":375,"percentile":397},"2025-12-17",0.92834,{"date":399,"score":400,"percentile":401},"2025-12-18",0.10324,0.92939,{"date":403,"score":400,"percentile":404},"2025-12-19",0.9294,{"date":406,"score":400,"percentile":407},"2025-12-20",0.92936,{"date":409,"score":400,"percentile":407},"2025-12-21",{"date":411,"score":400,"percentile":412},"2025-12-22",0.92931,{"date":414,"score":400,"percentile":415},"2025-12-23",0.92933,{"date":417,"score":375,"percentile":418},"2025-12-24",0.92835,{"date":420,"score":375,"percentile":421},"2025-12-25",0.9284,{"date":423,"score":375,"percentile":424},"2025-12-26",0.92837,{"date":426,"score":427,"percentile":428},"2025-12-27",0.098,0.92742,{"date":430,"score":126,"percentile":431},"2025-12-28",0.92757,{"date":433,"score":126,"percentile":434},"2025-12-29",0.92755,{"date":436,"score":126,"percentile":431},"2025-12-30",{"date":438,"score":126,"percentile":439},"2025-12-31",0.92764,{"date":441,"score":126,"percentile":442},"2026-01-01",0.92816,{"date":444,"score":126,"percentile":445},"2026-01-02",0.92808,{"date":447,"score":126,"percentile":448},"2026-01-03",0.92807,{"date":450,"score":126,"percentile":451},"2026-01-04",0.92765,{"date":453,"score":126,"percentile":451},"2026-01-05",{"date":455,"score":126,"percentile":456},"2026-01-06",0.92767,{"date":458,"score":126,"percentile":459},"2026-01-07",0.92766,{"date":461,"score":126,"percentile":456},"2026-01-08",{"date":463,"score":126,"percentile":464},"2026-01-09",0.9277,{"date":466,"score":126,"percentile":467},"2026-01-10",0.92777,{"date":469,"score":126,"percentile":470},"2026-01-11",0.92775,{"date":472,"score":126,"percentile":470},"2026-01-12",{"date":474,"score":126,"percentile":470},"2026-01-13",{"date":476,"score":126,"percentile":477},"2026-01-14",0.92784,{"date":479,"score":126,"percentile":477},"2026-01-15",{"date":481,"score":126,"percentile":482},"2026-01-16",0.92787,{"date":484,"score":126,"percentile":485},"2026-01-17",0.92789,{"date":487,"score":126,"percentile":488},"2026-01-18",0.92782,{"date":490,"score":126,"percentile":491},"2026-01-19",0.92785,{"date":493,"score":126,"percentile":482},"2026-01-20",{"date":495,"score":126,"percentile":496},"2026-01-21",0.92793,{"date":498,"score":126,"percentile":499},"2026-01-22",0.92797,{"date":501,"score":126,"percentile":502},"2026-01-23",0.92801,{"date":504,"score":126,"percentile":505},"2026-01-24",0.92805,{"date":507,"score":126,"percentile":448},"2026-01-25",{"date":509,"score":126,"percentile":445},"2026-01-26",{"date":511,"score":126,"percentile":512},"2026-01-27",0.92811,{"date":514,"score":126,"percentile":515},"2026-01-28",0.92813,{"date":517,"score":126,"percentile":518},"2026-01-29",0.92812,{"date":520,"score":126,"percentile":512},"2026-01-30",{"date":522,"score":126,"percentile":518},"2026-01-31",{"date":524,"score":126,"percentile":525},"2026-02-01",0.92849,[527],{"source":130,"cvss_v2_0":528,"cvss_v3_0":9,"cvss_v3_1":533,"cvss_v4_0":9},{"baseScore":529,"baseSeverity":9,"vectorString":530,"impactScore":531,"exploitabilityScore":532},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":128,"baseSeverity":534,"vectorString":131,"impactScore":535,"exploitabilityScore":536},"MEDIUM",4.5,7.2,[538],{"ecosystem":9,"name":539,"vendor":539,"product":539,"cpe_part":540,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":541},"python","a",[542,550,554,558],{"version":543,"is_range":544,"range_type":545,"version_start":546,"version_start_type":547,"version_end":548,"version_end_type":549,"fixed_in":9},"gte2.0_lt2.7.17",true,"cpe","2.0","including","2.7.17","excluding",{"version":551,"is_range":544,"range_type":545,"version_start":552,"version_start_type":547,"version_end":553,"version_end_type":549,"fixed_in":9},"gte3.5.0_lt3.5.8","3.5.0","3.5.8",{"version":555,"is_range":544,"range_type":545,"version_start":556,"version_start_type":547,"version_end":557,"version_end_type":549,"fixed_in":9},"gte3.6.0_lt3.6.9","3.6.0","3.6.9",{"version":559,"is_range":544,"range_type":545,"version_start":560,"version_start_type":547,"version_end":561,"version_end_type":549,"fixed_in":9},"gte3.7.0_lt3.7.4","3.7.0","3.7.4"]