[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2019-0318":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":26,"duplicates":27,"related":28,"reserved_at":9,"published_at":35,"modified_at":36,"state":9,"summary":37,"references_raw":39,"kevs":68,"epss":9,"epss_history":69,"metrics":70,"affected":71},"MGASA-2019-0318","Updated python packages fix security vulnerabilities\n\nUpdated python and python3 packages fix security vulnerabilities:\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib\nin Python 3.x through 3.7.2. CRLF injection is possible if the attacker\ncontrols a url parameter, as demonstrated by the first argument to\nurllib.request.urlopen with \\r\\n followed by an HTTP header or a Redis\ncommand (CVE-2019-9740).\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib\nin Python 3.x through 3.7.2. CRLF injection is possible if the attacker\ncontrols a url parameter, as demonstrated by the first argument to\nurllib.request.urlopen with \\r\\n (specifically in the path component of a\nURL) followed by an HTTP header or a Redis command. This is similar to\nCVE-2019-9740 query string issue (CVE-2019-9947).\n\nurllib in Python 2.x through 2.7.16 supports the local_file: scheme, which\nmakes it easier for remote attackers to bypass protection mechanisms that\nblacklist file: URIs, as demonstrated by triggering a \nurllib.urlopen('local_file:///etc/passwd') call (CVE-2019-9948).\n\nA security regression of CVE-2019-9636 was discovered in python, which\nstill allows an attacker to exploit CVE-2019-9636 by abusing the user and\npassword parts of a URL. 
When an application parses user-supplied URLs to\nstore cookies, authentication credentials, or other kinds of information,\nit is possible for an attacker to provide specially crafted URLs to make\nthe application locate host-related information (e.g. cookies,\nauthentication data) and send it to a different host than it\nshould, which would not happen if the URLs had been parsed correctly. The result of an\nattack may vary based on the application (CVE-2019-10160).\n\nIt was discovered that Python incorrectly parsed certain email addresses.\nA remote attacker could possibly use this issue to trick Python\napplications into accepting email addresses that should be denied\n(CVE-2019-16056).\n\nIt was discovered that the Python documentation XML-RPC server incorrectly\nhandled certain fields. A remote attacker could use this issue to execute\na cross-site scripting (XSS) attack (CVE-2019-16935).\n",null,[],[],[],[14,16,18,20,22,24],{"_key":15},"CVE-2019-10160",{"_key":17},"CVE-2019-16056",{"_key":19},"CVE-2019-16935",{"_key":21},"CVE-2019-9740",{"_key":23},"CVE-2019-9947",{"_key":25},"CVE-2019-9948",[],[],[29,30,31,32,33,34],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},"2019-11-07T23:36:48Z","2026-04-16T04:42:06.850761986Z",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[40,46,51,56,60,64],{"url":41,"sources":42,"tags":44},"https://advisories.mageia.org/MGASA-2019-0318.html",[43],"osv_mageia",[45],"Advisory",{"url":47,"sources":48,"tags":49},"https://bugs.mageia.org/show_bug.cgi?id=25641",[43],[50],"REPORT",{"url":52,"sources":53,"tags":54},"https://access.redhat.com/errata/RHSA-2019:1587",[43],[50,55],"WEB",{"url":57,"sources":58,"tags":59},"https://access.redhat.com/errata/RHSA-2019:2030",[43],[50,55],{"url":61,"sources":62,"tags":63},"https://access.redhat.com/errata/RHSA-2019:3520",[43],[50
,55],{"url":65,"sources":66,"tags":67},"https://usn.ubuntu.com/4151-1/",[43],[50,55],[],[],[],[72,84],{"ecosystem":73,"name":74,"vendor":75,"product":74,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":74,"source":9,"versions":77},"Mageia","python","mageia","rpm",[78],{"version":79,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":82,"version_end_type":83,"fixed_in":9},"lt2_7_17_1_1_mga7",true,"ecosystem","2.7.17-1.1.mga7","excluding",{"ecosystem":73,"name":85,"vendor":75,"product":85,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":85,"source":9,"versions":86},"python3",[87],{"version":88,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":89,"version_end_type":83,"fixed_in":9},"lt3_7_5_1_mga7","3.7.5-1.mga7"]