FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
ca595a25-91d8-11ea-b470-080027846a02	Python -- CRLF injection via the host part of the url passed to urlopen() Python reports: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. Discovery 2019-10-24 Entry 2020-05-09 Modified 2020-06-13 python27 < 2.7.18 python38 < 3.8.3 python37 le 3.7.7 python36 < 3.6.10 python35 le 3.5.9_4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348 https://bugs.python.org/issue38576 CVE-2019-18348

VuXML ID

Description

ca595a25-91d8-11ea-b470-080027846a02

Python -- CRLF injection via the host part of the url passed to urlopen()

Python reports:

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header.

Discovery 2019-10-24
Entry 2020-05-09
Modified 2020-06-13
python27

< 2.7.18

python38

< 3.8.3

python37

le 3.7.7

python36

< 3.6.10

python35

le 3.5.9_4

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348
https://bugs.python.org/issue38576
CVE-2019-18348