Test ID:	1.3.6.1.4.1.25623.1.1.2.2023.1061
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for python (EulerOS-SA-2023-1061)
Summary:	The remote host is missing an update for the Huawei EulerOS 'python' package(s) announced via the EulerOS-SA-2023-1061 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'python' package(s) announced via the EulerOS-SA-2023-1061 advisory. Vulnerability Insight: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.(CVE-2022-0391) Affected Software/OS: 'python' package(s) on Huawei EulerOS Virtualization 3.0.2.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0391 https://security.netapp.com/advisory/ntap-20220225-0009/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/ https://security.gentoo.org/glsa/202305-02 https://bugs.python.org/issue43882 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.