CVE-2022-0391

Updated: 2024-11-22 03:25:57.299468

Description:

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS python 2.6.6 7.5 HIGH Released CLSA-2022:1646665957 2022-05-05 12:04:46
CentOS 7 ELS python3 3.6.8 7.5 HIGH Released CLSA-2023:1697739575 2023-10-19 21:09:38
CentOS 7 ELS python 2.7.5 7.5 HIGH Already Fixed 2023-10-12 14:08:37
CentOS 8.4 ELS python3 3.6.8 7.5 HIGH Released CLSA-2022:1653920195 2022-05-30 11:37:29
CentOS 8.4 ELS python2 2.7.18 7.5 HIGH Released CLSA-2022:1654525948 2022-06-06 11:47:17
CentOS 8.5 ELS python3 3.6.8 7.5 HIGH Released CLSA-2022:1654010877 2022-05-31 11:38:04
CentOS 8.5 ELS python2 2.7.18 7.5 HIGH Released CLSA-2022:1654526367 2022-06-06 11:47:17
CloudLinux 6 ELS python 2.6.6 7.5 HIGH Released CLSA-2022:1646666376 2022-04-19 21:49:56
CloudLinux 7 ELS python3 3.6.8 7.5 HIGH Released CLSA-2024:1727288754 2024-10-07 10:50:30
Oracle Linux 6 ELS python 2.6.6 7.5 HIGH Released CLSA-2022:1646666442 2022-04-19 21:49:56
Total: 14