Test ID:	1.3.6.1.4.1.25623.1.0.147631
Category:	General
Title:	Python urllib.parse Vulnerability (bpo-43882) - Windows
Summary:	Python is prone to a vulnerability urllib.parse.
Description:	Summary: Python is prone to a vulnerability urllib.parse. Vulnerability Insight: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. Affected Software/OS: Python prior to version 3.6.14, version 3.7.x through 3.7.10, 3.8.x through 3.8.10 and 3.9.x through 3.9.4. Solution: Update to version 3.6.14, 3.7.11, 3.8.11, 3.9.5 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0391 https://security.netapp.com/advisory/ntap-20220225-0009/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/ https://security.gentoo.org/glsa/202305-02 https://bugs.python.org/issue43882 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.