CVE-2019-9948

CVE Details

Release Date:2019-03-23

Description


urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

See more information about CVE-2019-9948 from MITRE CVE dictionary and NIST NVD


CVSS v3.0 metrics


NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score: 9.1 Base Metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Access Vector: Network Attack Complexity: Low
Privileges Required: None User Interaction: None
Scope: Unchanged Confidentiality Impact: High
Integrity Impact: High Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (python)ELSA-2019-20302019-08-13
Oracle Linux version 8 (Cython)ELSA-2019-33352019-11-14
Oracle Linux version 8 (PyYAML)ELSA-2019-33352019-11-14
Oracle Linux version 8 (babel)ELSA-2019-33352019-11-14
Oracle Linux version 8 (numpy)ELSA-2019-33352019-11-14
Oracle Linux version 8 (pytest)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-PyMySQL)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-attrs)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-backports)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-backports-ssl_match_hostname)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-chardet)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-coverage)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-dns)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-docs)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-docutils)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-funcsigs)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-idna)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-ipaddress)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-jinja2)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-lxml)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-markupsafe)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-mock)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-nose)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-pluggy)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-psycopg2)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-py)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-pygments)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-pymongo)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-pysocks)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-pytest-mock)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-requests)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-setuptools_scm)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-six)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-sqlalchemy)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-urllib3)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-virtualenv)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python-wheel)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python2)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python2-pip)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python2-rpm-macros)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python2-setuptools)ELSA-2019-33352019-11-14
Oracle Linux version 8 (python3)ELSA-2019-35202019-11-14
Oracle Linux version 8 (pytz)ELSA-2019-33352019-11-14
Oracle Linux version 8 (scipy)ELSA-2019-33352019-11-14



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete