[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9948":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":51,"downstream":52,"duplicates":105,"related":106,"reserved_at":9,"published_at":115,"modified_at":116,"state":117,"summary":118,"references_raw":126,"kevs":232,"epss":233,"epss_history":236,"metrics":491,"affected":501},"CVE-2019-9948","urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_57403EA7994279B6","Exploit Reference (bugs.python.org)","reference","https://bugs.python.org/issue35907","unknown",0.2,false,[],[],[],[53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103],{"_key":54},"ALPINE-CVE-2019-9948",{"_key":56},"SUSE-SU-2020:0234-1",{"_key":58},"RHSA-2019:3520",{"_key":60},"OPENSUSE-SU-2024:11202-1",{"_key":62},"SUSE-SU-2019:0972-1",{"_key":64},"SUSE-SU-2019:14018-1",{"_key":66},"SUSE-SU-2019:1439-1",{"_key":68},"OPENSUSE-SU-2019:1273-1",{"_key":70},"RHSA-2019:1700",{"_key":72},"RHSA-2019:2030",{"_key":74},"RHSA-2019:3725",{"_key":76},"RHSA-2020:1268",{"_key":78},"RHSA-2020:1346",{"_key":80},"RHSA-2020:1462",{"_key":82},"DLA-1834-1",{"_key":84},"DLA-1852-1",{"_key":86},"DLA-2280-1",{"_key":88},"DLA-2337-1",{"_key":90},"RHSA-2019:3335",{"_key":92},"MGASA-2019-0165",{"_key":94},"MGASA-2019-0318",{"_key":96},"UBUNTU-CVE-2019-9948",{"_key":98},"USN-4127-1",{"_key":100},"USN-4127-2",{"_key":102},"DEBIAN-CVE-2019-9948",{"_key":104},"USN-6891-1",[],[107,108,109,110,111,112,113,114],{"_key":56},{"_key":60},{"_key":92},{"_key":94},{"_key":62},{"_key":64},{"_key":66},{"_key":68},"2019-03-23T17:07:08.000Z","2024-08-04T22:10:08.400Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":119,"epss_score":120,"severity":121,"severity_score":122,"severity_version":123,"severity_source":124,"severity_vector":125,"severity_status":117},"low",0.00918,"critical",9.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",[127,135,141,147,152,158,162,167,172,176,181,185,189,194,198,203,207,211,215,220,224,228],{"url":45,"sources":128,"tags":130},[129,124],"cve.org",[131,132,133,134],"X Refsource MISC","Exploit","Issue Tracking","Vendor Advisory",{"url":136,"sources":137,"tags":138},"https://github.com/python/cpython/pull/11842",[129,124],[131,139,140],"Patch","Third Party Advisory",{"url":142,"sources":143,"tags":144},"http://www.securityfocus.com/bid/107549",[129,124],[145,146,140],"VDB Entry","X Refsource BID",{"url":148,"sources":149,"tags":150},"https://security.netapp.com/advisory/ntap-20190404-0004/",[129,124],[151,140],"X Refsource CONFIRM",{"url":153,"sources":154,"tags":155},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html",[129,124],[134,156,157,140],"X Refsource SUSE","Mailing List",{"url":159,"sources":160,"tags":161},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html",[129,124],[134,156,157,140],{"url":163,"sources":164,"tags":165},"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",[129,124],[157,166,140],"X Refsource MLIST",{"url":168,"sources":169,"tags":170},"https://access.redhat.com/errata/RHSA-2019:1700",[129,124],[134,171,140],"X Refsource REDHAT",{"url":173,"sources":174,"tags":175},"https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html",[129,124],[157,166,140],{"url":177,"sources":178,"tags":179},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/",[129,124],[134,180],"X Refsource FEDORA",{"url":182,"sources":183,"tags":184},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/",[129,124],[134,180],{"url":186,"sources":187,"tags":188},"https://access.redhat.com/errata/RHSA-2019:2030",[129,124],[134,171,140],{"url":190,"sources":191,"tags":192},"https://usn.ubuntu.com/4127-2/",[129,124],[134,193,140],"X Refsource UBUNTU",{"url":195,"sources":196,"tags":197},"https://usn.ubuntu.com/4127-1/",[129,124],[134,193,140],{"url":199,"sources":200,"tags":201},"https://seclists.org/bugtraq/2019/Oct/29",[129,124],[157,202,140],"X Refsource BUGTRAQ",{"url":204,"sources":205,"tags":206},"http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html",[129,124],[131,140,145],{"url":208,"sources":209,"tags":210},"https://access.redhat.com/errata/RHSA-2019:3335",[129,124],[134,171,140],{"url":212,"sources":213,"tags":214},"https://access.redhat.com/errata/RHSA-2019:3520",[129,124],[134,171,140],{"url":216,"sources":217,"tags":218},"https://security.gentoo.org/glsa/202003-26",[129,124],[134,219,140],"X Refsource GENTOO",{"url":221,"sources":222,"tags":223},"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html",[129,124],[157,166,140],{"url":225,"sources":226,"tags":227},"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",[129,124],[157,166],{"url":229,"sources":230,"tags":231},"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html",[129,124],[157,166,140],[],{"date":234,"score":120,"percentile":235},"2026-06-04",0.76327,[237,241,244,247,250,253,256,258,260,263,266,269,272,275,278,282,285,288,291,294,296,299,302,305,308,310,313,315,318,321,324,326,328,330,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,377,379,381,384,387,391,394,397,400,403,406,409,412,415,418,420,423,425,427,430,433,436,438,441,443,446,449,452,454,457,459,462,465,468,471,473,476,479,482,485,488],{"date":238,"score":239,"percentile":240},"2025-11-04",0.00936,0.75427,{"date":242,"score":239,"percentile":243},"2025-11-05",0.75422,{"date":245,"score":239,"percentile":246},"2025-11-06",0.75418,{"date":248,"score":239,"percentile":249},"2025-11-07",0.75434,{"date":251,"score":239,"percentile":252},"2025-11-08",0.75433,{"date":254,"score":239,"percentile":255},"2025-11-09",0.75429,{"date":257,"score":239,"percentile":246},"2025-11-10",{"date":259,"score":239,"percentile":243},"2025-11-11",{"date":261,"score":239,"percentile":262},"2025-11-12",0.75441,{"date":264,"score":239,"percentile":265},"2025-11-13",0.75447,{"date":267,"score":239,"percentile":268},"2025-11-14",0.75452,{"date":270,"score":239,"percentile":271},"2025-11-15",0.7545,{"date":273,"score":239,"percentile":274},"2025-11-16",0.75448,{"date":276,"score":239,"percentile":277},"2025-11-17",0.7544,{"date":279,"score":280,"percentile":281},"2025-11-18",0.01513,0.79581,{"date":283,"score":280,"percentile":284},"2025-11-19",0.79586,{"date":286,"score":280,"percentile":287},"2025-11-20",0.79592,{"date":289,"score":239,"percentile":290},"2025-11-21",0.75466,{"date":292,"score":239,"percentile":293},"2025-11-22",0.75465,{"date":295,"score":239,"percentile":271},"2025-11-23",{"date":297,"score":239,"percentile":298},"2025-11-24",0.75449,{"date":300,"score":239,"percentile":301},"2025-11-25",0.75454,{"date":303,"score":239,"percentile":304},"2025-11-26",0.75461,{"date":306,"score":239,"percentile":307},"2025-11-27",0.75463,{"date":309,"score":239,"percentile":268},"2025-11-28",{"date":311,"score":239,"percentile":312},"2025-11-29",0.75453,{"date":314,"score":239,"percentile":298},"2025-11-30",{"date":316,"score":239,"percentile":317},"2025-12-01",0.75577,{"date":319,"score":239,"percentile":320},"2025-12-02",0.75584,{"date":322,"score":239,"percentile":323},"2025-12-03",0.75572,{"date":325,"score":239,"percentile":262},"2025-12-04",{"date":327,"score":239,"percentile":274},"2025-12-05",{"date":329,"score":239,"percentile":312},"2025-12-06",{"date":331,"score":239,"percentile":271},"2025-12-07",{"date":333,"score":239,"percentile":334},"2025-12-08",0.75455,{"date":336,"score":239,"percentile":337},"2025-12-09",0.75483,{"date":339,"score":239,"percentile":340},"2025-12-10",0.75512,{"date":342,"score":239,"percentile":343},"2025-12-11",0.75528,{"date":345,"score":239,"percentile":346},"2025-12-12",0.75553,{"date":348,"score":239,"percentile":349},"2025-12-13",0.75556,{"date":351,"score":239,"percentile":352},"2025-12-14",0.75552,{"date":354,"score":239,"percentile":355},"2025-12-15",0.75551,{"date":357,"score":239,"percentile":358},"2025-12-16",0.75563,{"date":360,"score":239,"percentile":361},"2025-12-17",0.75574,{"date":363,"score":239,"percentile":364},"2025-12-18",0.75595,{"date":366,"score":239,"percentile":367},"2025-12-19",0.75612,{"date":369,"score":239,"percentile":370},"2025-12-20",0.75607,{"date":372,"score":239,"percentile":373},"2025-12-21",0.75603,{"date":375,"score":239,"percentile":376},"2025-12-22",0.75605,{"date":378,"score":239,"percentile":373},"2025-12-23",{"date":380,"score":239,"percentile":367},"2025-12-24",{"date":382,"score":239,"percentile":383},"2025-12-25",0.75636,{"date":385,"score":239,"percentile":386},"2025-12-26",0.75634,{"date":388,"score":389,"percentile":390},"2025-12-27",0.01118,0.77772,{"date":392,"score":239,"percentile":393},"2025-12-28",0.75619,{"date":395,"score":239,"percentile":396},"2025-12-29",0.75616,{"date":398,"score":239,"percentile":399},"2025-12-30",0.75628,{"date":401,"score":239,"percentile":402},"2025-12-31",0.75648,{"date":404,"score":239,"percentile":405},"2026-01-01",0.75789,{"date":407,"score":239,"percentile":408},"2026-01-02",0.75794,{"date":410,"score":239,"percentile":411},"2026-01-03",0.75793,{"date":413,"score":239,"percentile":414},"2026-01-04",0.7566,{"date":416,"score":239,"percentile":417},"2026-01-05",0.75651,{"date":419,"score":120,"percentile":240},"2026-01-06",{"date":421,"score":120,"percentile":422},"2026-01-07",0.75436,{"date":424,"score":120,"percentile":298},"2026-01-08",{"date":426,"score":120,"percentile":334},"2026-01-09",{"date":428,"score":120,"percentile":429},"2026-01-10",0.75457,{"date":431,"score":120,"percentile":432},"2026-01-11",0.75443,{"date":434,"score":120,"percentile":435},"2026-01-12",0.75428,{"date":437,"score":120,"percentile":255},"2026-01-13",{"date":439,"score":120,"percentile":440},"2026-01-14",0.75456,{"date":442,"score":120,"percentile":307},"2026-01-15",{"date":444,"score":120,"percentile":445},"2026-01-16",0.75474,{"date":447,"score":120,"percentile":448},"2026-01-17",0.75472,{"date":450,"score":120,"percentile":451},"2026-01-18",0.75462,{"date":453,"score":120,"percentile":440},"2026-01-19",{"date":455,"score":120,"percentile":456},"2026-01-20",0.75459,{"date":458,"score":120,"percentile":293},"2026-01-21",{"date":460,"score":120,"percentile":461},"2026-01-22",0.75468,{"date":463,"score":120,"percentile":464},"2026-01-23",0.75494,{"date":466,"score":120,"percentile":467},"2026-01-24",0.75499,{"date":469,"score":120,"percentile":470},"2026-01-25",0.75485,{"date":472,"score":120,"percentile":470},"2026-01-26",{"date":474,"score":120,"percentile":475},"2026-01-27",0.75491,{"date":477,"score":120,"percentile":478},"2026-01-28",0.75501,{"date":480,"score":120,"percentile":481},"2026-01-29",0.75498,{"date":483,"score":120,"percentile":484},"2026-01-30",0.75503,{"date":486,"score":120,"percentile":487},"2026-01-31",0.75505,{"date":489,"score":120,"percentile":490},"2026-02-01",0.7563,[492],{"source":124,"cvss_v2_0":493,"cvss_v3_0":9,"cvss_v3_1":498,"cvss_v4_0":9},{"baseScore":494,"baseSeverity":9,"vectorString":495,"impactScore":496,"exploitabilityScore":497},6.4,"AV:N/AC:L/Au:N/C:P/I:P/A:N",4.9,10,{"baseScore":122,"baseSeverity":499,"vectorString":125,"impactScore":500,"exploitabilityScore":497},"CRITICAL",8.7,[502,519,528,536,544,567,575,587,593,598,605],{"ecosystem":9,"name":503,"vendor":504,"product":505,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"ubuntu linux","canonical","ubuntu_linux","o",[508,511,513,515,517],{"version":509,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":512,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":514,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":516,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":518,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"ecosystem":9,"name":520,"vendor":521,"product":522,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":523},"debian linux","debian","debian_linux",[524,526],{"version":525,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":527,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":529,"vendor":530,"product":529,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":531},"fedora","fedoraproject",[532,534],{"version":533,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":535,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":537,"vendor":538,"product":537,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":539},"leap","opensuse",[540,542],{"version":541,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":543,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.3",{"ecosystem":9,"name":545,"vendor":545,"product":545,"cpe_part":546,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":547},"python","a",[548,555,559,563],{"version":549,"is_range":550,"range_type":510,"version_start":551,"version_start_type":552,"version_end":553,"version_end_type":554,"fixed_in":9},"gte2.0_lt2.7.17",true,"2.0","including","2.7.17","excluding",{"version":556,"is_range":550,"range_type":510,"version_start":557,"version_start_type":552,"version_end":558,"version_end_type":554,"fixed_in":9},"gte3.5.0_lt3.5.8","3.5.0","3.5.8",{"version":560,"is_range":550,"range_type":510,"version_start":561,"version_start_type":552,"version_end":562,"version_end_type":554,"fixed_in":9},"gte3.6.0_lt3.6.9","3.6.0","3.6.9",{"version":564,"is_range":550,"range_type":510,"version_start":565,"version_start_type":552,"version_end":566,"version_end_type":554,"fixed_in":9},"gte3.7.0_lt3.7.4","3.7.0","3.7.4",{"ecosystem":9,"name":568,"vendor":569,"product":570,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":571},"enterprise linux desktop","redhat","enterprise_linux_desktop",[572,574],{"version":573,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":525,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":576,"vendor":569,"product":577,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":578},"enterprise linux eus","enterprise_linux_eus",[579,581,583,585],{"version":580,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.1",{"version":582,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.2",{"version":584,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.4",{"version":586,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.6",{"ecosystem":9,"name":588,"vendor":569,"product":589,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":590},"enterprise linux server","enterprise_linux_server",[591,592],{"version":573,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":525,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":594,"vendor":569,"product":595,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":596},"enterprise linux server eus","enterprise_linux_server_eus",[597],{"version":584,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":599,"vendor":569,"product":600,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":601},"enterprise linux tus","enterprise_linux_tus",[602,603,604],{"version":582,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":584,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":586,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":606,"vendor":569,"product":607,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":608},"enterprise linux workstation","enterprise_linux_workstation",[609,610],{"version":573,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":525,"is_range":48,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]