urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
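The weakness described above, seen from the validation side, as an added example that is not part of the CVE record or of CPython: a check that only rejects `file:` lets the `local_file:` alias through, while an allowlist of expected schemes refuses it. The function names, the lenient scheme split, and the sample URLs are assumptions made for this illustration; no URL is opened.

```python
import re

# Assumption: a lenient scheme split that takes everything before the first
# ':' (as long as it contains no '/'), so unusual names such as
# "local_file" are still recognised as a scheme.
_SCHEME_RE = re.compile(r"^([^/:]+):")

DENIED_SCHEMES = frozenset({"file"})            # the blacklist approach
ALLOWED_SCHEMES = frozenset({"http", "https"})  # the allowlist approach


def scheme_of(url):
    """Return the lower-cased scheme of url, or "" if none is present."""
    match = _SCHEME_RE.match(url.strip())
    return match.group(1).lower() if match else ""


def denylist_permits(url):
    """Weak check: rejects only schemes that are named explicitly."""
    return scheme_of(url) not in DENIED_SCHEMES


def allowlist_permits(url):
    """Hardened check: accepts only schemes the application expects."""
    return scheme_of(url) in ALLOWED_SCHEMES


def bypasses(urls):
    """URLs the denylist lets through although the allowlist refuses them."""
    return [u for u in urls if denylist_permits(u) and not allowlist_permits(u)]


# Constructed sample input; the last entry is the URI from the description.
SAMPLES = [
    "https://example.com/feed.xml",
    "file:///etc/passwd",
    "FILE:///etc/passwd",
    "local_file:///etc/passwd",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("%-30s denylist=%-5s allowlist=%s"
              % (url, denylist_permits(url), allowlist_permits(url)))
    print("denylist bypasses:", bypasses(SAMPLES))
```
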
History
07 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
References | | |
30 Jun 2022, 17:14
Type | Values Removed | Values Added |
---|---|---|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3335 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/ - Mailing List, Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Oct/29 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2030 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4127-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4127-2/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202003-26 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3520 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html - Third Party Advisory, VDB Entry | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1700 - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:* | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:* |
First Time | | Redhat enterprise Linux Workstation Redhat enterprise Linux Eus Fedoraproject Fedoraproject fedora Redhat Redhat enterprise Linux Server Debian Canonical ubuntu Linux Canonical Debian debian Linux Redhat enterprise Linux Tus Redhat enterprise Linux Server Eus Redhat enterprise Linux Desktop |
Information
Published : 2019-03-23 18:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-9948
Mitre link : CVE-2019-9948
CVE.ORG link : CVE-2019-9948
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_server_eus
- enterprise_linux_tus
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_eus
python
- python
opensuse
- leap
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')