OPENSUSE-SU-2020:0696-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2019-18348 CVE-2019-9674

Published: 22 May 2020, 18:14

Last modified:04 Feb 2026, 04:19

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 May 2020, 18:14

Published

Vulnerability first disclosed

04 Feb 2026, 04:19

Last Modified

Vulnerability information updated

Description

Security update for python This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). This update was imported from the SUSE:SLE-15:Update update project.

Affected Systems

opensuse•python-base&distro=openSUSE Leap 15.1
< 2.7.17-lp151.10.17.1
opensuse•python-doc&distro=openSUSE Leap 15.1
< 2.7.17-lp151.10.17.1
opensuse•python&distro=openSUSE Leap 15.1
< 2.7.17-lp151.10.17.1

OPENSUSE-SU-2020:0696-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)