A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-02-09 23:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-0391
Mitre link : CVE-2022-0391
CVE.ORG link : CVE-2022-0391
JSON object : View
Products Affected
netapp
- hci_compute_node
- ontap_select_deploy_administration_utility
- management_services_for_element_software
- solidfire\,_enterprise_sds_\&_hci_storage_node
- hci
- active_iq_unified_manager
oracle
- zfs_storage_appliance_kit
- http_server
fedoraproject
- fedora
python
- python
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')