Test ID:
Title: Python 2.x < 2.7.17, 3.5.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 Protection Bypass Vulnerability (bpo-35907) - Linux
Summary: Python is prone to a protection bypass vulnerability.

Vulnerability Insight:
urllib supports the 'local_file:' scheme, which makes it easier
for remote attackers to bypass protection mechanisms that blacklist 'file:' URIs, as demonstrated
by triggering a 'urllib.urlopen('local_file:///etc/passwd')' call.
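
Added example, not part of the original advisory or of the vendor's test code: it checks an interpreter version against the affected ranges listed on this page and contrasts a filter that rejects only 'file:' URIs with a scheme allowlist. The function names, the http/https allowlist and the sample URLs are assumptions made for illustration.

```python
import sys
from urllib.parse import urlsplit

# First fixed release per affected branch, as listed in the advisory above.
FIXED = {(2,): (2, 7, 17), (3, 5): (3, 5, 8), (3, 6): (3, 6, 9), (3, 7): (3, 7, 4)}
ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web URLs are needed


def is_affected(version=None):
    """True if the interpreter version is in a range the advisory lists."""
    version = tuple(version or sys.version_info)[:3]
    for branch, fixed in FIXED.items():
        if version[:len(branch)] == branch:
            return version < fixed
    return False  # branch not covered by this advisory


def blocklist_permits(url):
    """Fragile filter of the kind the advisory describes: rejects only file: URIs."""
    return not url.strip().lower().startswith("file:")


def allowlist_permits(url):
    """Accept a URL only if its scheme is explicitly allowed and it names a host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False  # malformed URL: reject rather than guess
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)


# Constructed sample inputs, not taken from any real log.
SAMPLES = [
    "https://example.org/feed.xml",
    "file:///etc/passwd",
    "local_file:///etc/passwd",
]


def compare(urls=SAMPLES):
    """Return (url, blocklist verdict, allowlist verdict) for each input."""
    return [(u, blocklist_permits(u), allowlist_permits(u)) for u in urls]


if __name__ == "__main__":
    print("interpreter in affected range:", is_affected())
    for url, blocked_ok, allowed_ok in compare():
        print(f"{url:32} blocklist={blocked_ok!s:5} allowlist={allowed_ok}")
```

The allowlist rejects anything it does not recognise, so it does not depend on knowing every alias a URL library accepts for local files.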

Affected Software/OS:
Python 2.x prior to version 2.7.17, versions 3.5.x prior to 3.5.8,
3.6.x prior to 3.6.9 and 3.7.x prior to 3.7.4.

The vendor has released updates. Please see the references for
more information.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9948
BugTraq ID: 107549
Bugtraq: 20191021 [slackware-security] python (SSA:2019-293-01)
RedHat Security Advisories: RHSA-2019:1700
RedHat Security Advisories: RHSA-2019:2030
RedHat Security Advisories: RHSA-2019:3335
RedHat Security Advisories: RHSA-2019:3520
SuSE Security Announcement: openSUSE-SU-2019:1273
SuSE Security Announcement: openSUSE-SU-2019:1580
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2022 E-Soft Inc. All rights reserved.