ALAS2-2019-1259 --- python3
ID: oval:org.secpod.oval:def:1700197 | Date: (C)2019-08-12 (M)2024-05-22 |
Class: PATCH | Family: unix |
A security regression of CVE-2019-9636 was discovered in Python: an attacker can still exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, an attacker can supply specially crafted URLs that cause the application to look up host-related information and send it to a different host than it would if the URLs had been parsed correctly. The result of an attack may vary based on the application