[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9947":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":38,"downstream":39,"duplicates":126,"related":127,"reserved_at":9,"published_at":154,"modified_at":155,"state":156,"summary":157,"references_raw":165,"kevs":264,"epss":265,"epss_history":268,"metrics":534,"affected":545},"CVE-2019-9947","An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-93","Improper Neutralization of CRLF Sequences ('CRLF Injection')","The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-15","Command Delimiters",[],{"id":24,"name":25,"techniques":26},"CAPEC-81","Web Server Logs Tampering",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_90D497A0D920FFDD","Exploit Reference (bugs.python.org)","reference","https://bugs.python.org/issue35906","unknown",0.2,false,[],[],[],[40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124],{"_key":41},"SUSE-SU-2020:0234-1",{"_key":43},"RHSA-2019:3520",{"_key":45},"OPENSUSE-SU-2024:11202-1",{"_key":47},"SUSE-RU-2020:0775-1",{"_key":49},"SUSE-SU-2019:1352-1",{"_key":51},"SUSE-SU-2019:1352-2",{"_key":53},"SUSE-SU-2019:14246-1",{"_key":55},"SUSE-SU-2019:2743-1",{"_key":57},"SUSE-SU-2020:0114-1",{"_key":59},"SUSE-SU-2020:0302-1",{"_key":61},"SUSE-SU-2020:2699-1",{"_key":63},"OPENSUSE-SU-2019:2389-1",{"_key":65},"OPENSUSE-SU-2019:2393-1",{"_key":67},"OPENSUSE-SU-2020:0086-1",{"_key":69},"OPENSUSE-SU-2024:11283-1",{"_key":71},"OPENSUSE-SU-2024:11284-1",{"_key":73},"OPENSUSE-SU-2024:11285-1",{"_key":75},"OPENSUSE-SU-2024:11286-1",{"_key":77},"OPENSUSE-SU-2024:12089-1",{"_key":79},"OPENSUSE-SU-2024:12910-1",{"_key":81},"OPENSUSE-SU-2024:14109-1",{"_key":83},"OPENSUSE-SU-2024:14434-1",{"_key":85},"RHSA-2019:1260",{"_key":87},"RHSA-2019:2030",{"_key":89},"RHSA-2019:3725",{"_key":91},"RHSA-2020:1268",{"_key":93},"RHSA-2020:1346",{"_key":95},"RHSA-2020:1462",{"_key":97},"DLA-1834-1",{"_key":99},"DLA-1835-1",{"_key":101},"DLA-2280-1",{"_key":103},"DLA-2337-1",{"_key":105},"SUSE-SU-2025:20025-1",{"_key":107},"SUSE-SU-2025:20154-1",{"_key":109},"SUSE-SU-2025:20492-1",{"_key":111},"RHSA-2019:3335",{"_key":113},"OPENSUSE-SU-2025:15713-1",{"_key":115},"MGASA-2019-0318",{"_key":117},"UBUNTU-CVE-2019-9947",{"_key":119},"USN-4127-1",{"_key":121},"USN-4127-2",{"_key":123},"DEBIAN-CVE-2019-9947",{"_key":125},"USN-6891-1",[],[128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153],{"_key":41},{"_key":45},{"_key":115},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":105},{"_key":107},{"_key":109},{"_key":113},"2019-03-23T17:06:47.000Z","2024-08-04T22:10:08.547Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":158,"epss_score":159,"severity":160,"severity_score":161,"severity_version":162,"severity_source":163,"severity_vector":164,"severity_status":156},"low",0.01161,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[166,175,181,186,191,195,201,205,209,213,218,222,227,231,235,239,243,247,252,256,260],{"url":32,"sources":167,"tags":169},[168,163],"cve.org",[170,171,172,173,174],"X Refsource MISC","Exploit","Issue Tracking","Patch","Vendor Advisory",{"url":176,"sources":177,"tags":178},"https://security.netapp.com/advisory/ntap-20190404-0004/",[168,163],[179,180],"X Refsource CONFIRM","Third Party Advisory",{"url":182,"sources":183,"tags":184},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/",[168,163],[174,185],"X Refsource FEDORA",{"url":187,"sources":188,"tags":189},"https://access.redhat.com/errata/RHSA-2019:1260",[168,163],[174,190,180],"X Refsource REDHAT",{"url":192,"sources":193,"tags":194},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",[168,163],[174,185],{"url":196,"sources":197,"tags":198},"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",[168,163],[199,200,180],"Mailing List","X Refsource MLIST",{"url":202,"sources":203,"tags":204},"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html",[168,163],[199,200,180],{"url":206,"sources":207,"tags":208},"https://lists.debian.org/debian-lts-announce/2019/06/msg00026.html",[168,163],[199,200,180],{"url":210,"sources":211,"tags":212},"https://access.redhat.com/errata/RHSA-2019:2030",[168,163],[174,190,180],{"url":214,"sources":215,"tags":216},"https://usn.ubuntu.com/4127-2/",[168,163],[174,217,180],"X Refsource UBUNTU",{"url":219,"sources":220,"tags":221},"https://usn.ubuntu.com/4127-1/",[168,163],[174,217,180],{"url":223,"sources":224,"tags":225},"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html",[168,163],[174,226,199,180],"X Refsource SUSE",{"url":228,"sources":229,"tags":230},"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html",[168,163],[174,226,199,180],{"url":232,"sources":233,"tags":234},"https://access.redhat.com/errata/RHSA-2019:3335",[168,163],[174,190,180],{"url":236,"sources":237,"tags":238},"https://access.redhat.com/errata/RHSA-2019:3520",[168,163],[174,190,180],{"url":240,"sources":241,"tags":242},"https://access.redhat.com/errata/RHSA-2019:3725",[168,163],[174,190,180],{"url":244,"sources":245,"tags":246},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",[168,163],[174,226,199,180],{"url":248,"sources":249,"tags":250},"https://security.gentoo.org/glsa/202003-26",[168,163],[174,251,180],"X Refsource GENTOO",{"url":253,"sources":254,"tags":255},"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html",[168,163],[199,200,180],{"url":257,"sources":258,"tags":259},"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html",[168,163],[199,200,180],{"url":261,"sources":262,"tags":263},"http://www.openwall.com/lists/oss-security/2021/02/04/2",[168,163],[199,200,180],[],{"date":266,"score":159,"percentile":267},"2026-06-04",0.78937,[269,273,275,278,281,284,287,289,292,295,298,301,304,307,310,314,317,320,324,327,330,333,336,339,342,345,347,349,353,356,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,407,410,412,415,418,421,424,426,430,433,436,439,442,446,449,452,455,458,460,463,466,469,472,475,478,481,483,486,489,492,495,497,500,503,505,508,511,514,517,520,523,525,527,530],{"date":270,"score":271,"percentile":272},"2025-11-04",0.01184,0.78096,{"date":274,"score":271,"percentile":272},"2025-11-05",{"date":276,"score":271,"percentile":277},"2025-11-06",0.78093,{"date":279,"score":271,"percentile":280},"2025-11-07",0.78107,{"date":282,"score":271,"percentile":283},"2025-11-08",0.78113,{"date":285,"score":271,"percentile":286},"2025-11-09",0.78108,{"date":288,"score":271,"percentile":272},"2025-11-10",{"date":290,"score":271,"percentile":291},"2025-11-11",0.78097,{"date":293,"score":271,"percentile":294},"2025-11-12",0.78114,{"date":296,"score":271,"percentile":297},"2025-11-13",0.78123,{"date":299,"score":271,"percentile":300},"2025-11-14",0.78133,{"date":302,"score":271,"percentile":303},"2025-11-15",0.7813,{"date":305,"score":271,"percentile":306},"2025-11-16",0.78134,{"date":308,"score":271,"percentile":309},"2025-11-17",0.78127,{"date":311,"score":312,"percentile":313},"2025-11-18",0.00837,0.72613,{"date":315,"score":312,"percentile":316},"2025-11-19",0.7262,{"date":318,"score":312,"percentile":319},"2025-11-20",0.72629,{"date":321,"score":322,"percentile":323},"2025-11-21",0.01217,0.78438,{"date":325,"score":322,"percentile":326},"2025-11-22",0.78439,{"date":328,"score":322,"percentile":329},"2025-11-23",0.78427,{"date":331,"score":322,"percentile":332},"2025-11-24",0.78426,{"date":334,"score":322,"percentile":335},"2025-11-25",0.7843,{"date":337,"score":322,"percentile":338},"2025-11-26",0.78433,{"date":340,"score":322,"percentile":341},"2025-11-27",0.78437,{"date":343,"score":322,"percentile":344},"2025-11-28",0.78429,{"date":346,"score":322,"percentile":338},"2025-11-29",{"date":348,"score":322,"percentile":338},"2025-11-30",{"date":350,"score":351,"percentile":352},"2025-12-01",0.00981,0.76203,{"date":354,"score":351,"percentile":355},"2025-12-02",0.76207,{"date":357,"score":351,"percentile":358},"2025-12-03",0.76196,{"date":360,"score":322,"percentile":361},"2025-12-04",0.78423,{"date":363,"score":271,"percentile":364},"2025-12-05",0.78153,{"date":366,"score":271,"percentile":367},"2025-12-06",0.78156,{"date":369,"score":271,"percentile":370},"2025-12-07",0.7815,{"date":372,"score":271,"percentile":373},"2025-12-08",0.78154,{"date":375,"score":271,"percentile":376},"2025-12-09",0.78172,{"date":378,"score":271,"percentile":379},"2025-12-10",0.78196,{"date":381,"score":271,"percentile":382},"2025-12-11",0.78212,{"date":384,"score":271,"percentile":385},"2025-12-12",0.7823,{"date":387,"score":271,"percentile":388},"2025-12-13",0.78231,{"date":390,"score":271,"percentile":391},"2025-12-14",0.78228,{"date":393,"score":271,"percentile":394},"2025-12-15",0.78227,{"date":396,"score":271,"percentile":397},"2025-12-16",0.78239,{"date":399,"score":271,"percentile":400},"2025-12-17",0.78248,{"date":402,"score":322,"percentile":403},"2025-12-18",0.78543,{"date":405,"score":322,"percentile":406},"2025-12-19",0.78554,{"date":408,"score":322,"percentile":409},"2025-12-20",0.78551,{"date":411,"score":322,"percentile":403},"2025-12-21",{"date":413,"score":322,"percentile":414},"2025-12-22",0.78546,{"date":416,"score":322,"percentile":417},"2025-12-23",0.78547,{"date":419,"score":271,"percentile":420},"2025-12-24",0.7828,{"date":422,"score":271,"percentile":423},"2025-12-25",0.783,{"date":425,"score":271,"percentile":423},"2025-12-26",{"date":427,"score":428,"percentile":429},"2025-12-27",0.01017,0.76712,{"date":431,"score":271,"percentile":432},"2025-12-28",0.78289,{"date":434,"score":271,"percentile":435},"2025-12-29",0.78287,{"date":437,"score":271,"percentile":438},"2025-12-30",0.78293,{"date":440,"score":271,"percentile":441},"2025-12-31",0.78306,{"date":443,"score":444,"percentile":445},"2026-01-01",0.00954,0.76012,{"date":447,"score":444,"percentile":448},"2026-01-02",0.76016,{"date":450,"score":444,"percentile":451},"2026-01-03",0.76015,{"date":453,"score":271,"percentile":454},"2026-01-04",0.78308,{"date":456,"score":271,"percentile":457},"2026-01-05",0.78302,{"date":459,"score":159,"percentile":303},"2026-01-06",{"date":461,"score":159,"percentile":462},"2026-01-07",0.78137,{"date":464,"score":159,"percentile":465},"2026-01-08",0.78145,{"date":467,"score":159,"percentile":468},"2026-01-09",0.78148,{"date":470,"score":159,"percentile":471},"2026-01-10",0.78149,{"date":473,"score":159,"percentile":474},"2026-01-11",0.78141,{"date":476,"score":159,"percentile":477},"2026-01-12",0.78129,{"date":479,"score":159,"percentile":480},"2026-01-13",0.78126,{"date":482,"score":159,"percentile":468},"2026-01-14",{"date":484,"score":159,"percentile":485},"2026-01-15",0.78151,{"date":487,"score":159,"percentile":488},"2026-01-16",0.78158,{"date":490,"score":159,"percentile":491},"2026-01-17",0.78165,{"date":493,"score":159,"percentile":494},"2026-01-18",0.7816,{"date":496,"score":159,"percentile":488},"2026-01-19",{"date":498,"score":159,"percentile":499},"2026-01-20",0.78152,{"date":501,"score":159,"percentile":502},"2026-01-21",0.78157,{"date":504,"score":159,"percentile":491},"2026-01-22",{"date":506,"score":159,"percentile":507},"2026-01-23",0.78191,{"date":509,"score":159,"percentile":510},"2026-01-24",0.78203,{"date":512,"score":159,"percentile":513},"2026-01-25",0.78197,{"date":515,"score":159,"percentile":516},"2026-01-26",0.7819,{"date":518,"score":159,"percentile":519},"2026-01-27",0.78189,{"date":521,"score":159,"percentile":522},"2026-01-28",0.78193,{"date":524,"score":159,"percentile":519},"2026-01-29",{"date":526,"score":159,"percentile":522},"2026-01-30",{"date":528,"score":159,"percentile":529},"2026-01-31",0.78195,{"date":531,"score":532,"percentile":533},"2026-02-01",0.00936,0.75866,[535],{"source":163,"cvss_v2_0":536,"cvss_v3_0":9,"cvss_v3_1":541,"cvss_v4_0":9},{"baseScore":537,"baseSeverity":9,"vectorString":538,"impactScore":539,"exploitabilityScore":540},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":161,"baseSeverity":542,"vectorString":164,"impactScore":543,"exploitabilityScore":544},"MEDIUM",4.5,7.2,[546],{"ecosystem":9,"name":547,"vendor":547,"product":547,"cpe_part":548,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":549},"python","a",[550,558,562,566],{"version":551,"is_range":552,"range_type":553,"version_start":554,"version_start_type":555,"version_end":556,"version_end_type":557,"fixed_in":9},"gte2.7.0_lt2.7.17",true,"cpe","2.7.0","including","2.7.17","excluding",{"version":559,"is_range":552,"range_type":553,"version_start":560,"version_start_type":555,"version_end":561,"version_end_type":557,"fixed_in":9},"gte3.5.0_lt3.5.8","3.5.0","3.5.8",{"version":563,"is_range":552,"range_type":553,"version_start":564,"version_start_type":555,"version_end":565,"version_end_type":557,"fixed_in":9},"gte3.6.0_lt3.6.9","3.6.0","3.6.9",{"version":567,"is_range":552,"range_type":553,"version_start":568,"version_start_type":555,"version_end":569,"version_end_type":557,"fixed_in":9},"gte3.7.0_lt3.7.4","3.7.0","3.7.4"]