Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
| Product: |
| library/python-2/tkinter-27 |
| legacy/runtime/python-35 |
| legacy/runtime/python-34 |
| legacy/library/python/tkinter-35 |
| legacy/library/python/tkinter-34 |
| runtime/python-37 |
| runtime/python-35 |
| runtime/python-34 |
| runtime/python-27 |
| runtime/python-27/tests |
| library/python/wrapt |
| library/python/wrapt-37 |
| library/python/wrapt-35 |
| library/python/wrapt-34 |
| library/python/wrapt-27 |
| library/python/virtualenv |
| library/python/virtualenv-37 |
| library/python/virtualenv-35 |
| library/python/virtualenv-34 |
| library/python/virtualenv-27 |
| library/python/urllib3 |
| library/python/urllib3-37 |
| library/python/urllib3-35 |
| library/python/urllib3-34 |
| library/python/urllib3-27 |
| library/python/tkinter-37 |
| library/python/tkinter-35 |
| library/python/tkinter-34 |
| library/python/tkinter-27 |
| library/python/tempora |
| library/python/tempora-37 |
| library/python/tempora-35 |
| library/python/tempora-34 |
| library/python/tempora-27 |
| library/python/sqlparse |
| library/python/sqlparse-37 |
| library/python/sqlparse-35 |
| library/python/sqlparse-34 |
| library/python/sqlparse-27 |
| library/python/six |
| library/python/six-37 |
| library/python/six-35 |
| library/python/six-34 |
| library/python/six-27 |
| library/python/simplejson |
| library/python/simplejson-37 |
| library/python/simplejson-35 |
| library/python/simplejson-34 |
| library/python/simplejson-27 |
| library/python/setuptools_scm |
| library/python/setuptools_scm-37 |
| library/python/setuptools_scm-35 |
| library/python/setuptools_scm-34 |
| library/python/setuptools_scm-27 |
| library/python/setuptools |
| library/python/setuptools-37 |
| library/python/setuptools-35 |
| library/python/setuptools-34 |
| library/python/setuptools-27 |
| library/python/scandir |
| library/python/scandir-34 |
| library/python/scandir-27 |
| library/python/requestsexceptions |
| library/python/requestsexceptions-35 |
| library/python/requestsexceptions-34 |
| library/python/requestsexceptions-27 |
| library/python/requests |
| library/python/requests-37 |
| library/python/requests-35 |
| library/python/requests-34 |
| library/python/requests-27 |
| library/python/pyyaml |
| library/python/pyyaml-37 |
| library/python/pyyaml-35 |
| library/python/pyyaml-34 |
| library/python/pyyaml-27 |
| library/python/pytz |
| library/python/pytz-37 |
| library/python/pytz-35 |
| library/python/pytz-34 |
| library/python/pytz-27 |
| library/python/python-zope-interface |
| library/python/python-zope-interface-37 |
| library/python/python-zope-interface-35 |
| library/python/python-zope-interface-34 |
| library/python/python-zope-interface-27 |
| library/python/python-memcached |
| library/python/python-memcached-37 |
| library/python/python-memcached-35 |
| library/python/python-memcached-34 |
| library/python/python-memcached-27 |
| library/python/pytest |
| library/python/pytest-37 |
| library/python/pytest-35 |
| library/python/pytest-34 |
| library/python/pytest-27 |
| library/python/pyopenssl |
| library/python/pyopenssl-37 |
| library/python/pyopenssl-35 |
| library/python/pyopenssl-34 |
| library/python/pyopenssl-27 |
| library/python/pygments |
| library/python/pygments-37 |
| library/python/pygments-35 |
| library/python/pygments-34 |
| library/python/pygments-27 |
| library/python/pycurl |
| library/python/pycurl-37 |
| library/python/pycurl-35 |
| library/python/pycurl-34 |
| library/python/pycurl-27 |
| library/python/pycparser |
| library/python/pycparser-37 |
| library/python/pycparser-35 |
| library/python/pycparser-34 |
| library/python/pycparser-27 |
| library/python/pyasn1 |
| library/python/pyasn1-37 |
| library/python/pyasn1-35 |
| library/python/pyasn1-34 |
| library/python/pyasn1-27 |
| library/python/py |
| library/python/py-37 |
| library/python/py-35 |
| library/python/py-34 |
| library/python/py-27 |
| library/python/psutil |
| library/python/psutil-37 |
| library/python/psutil-35 |
| library/python/psutil-34 |
| library/python/psutil-27 |
| library/python/prettytable |
| library/python/prettytable-37 |
| library/python/prettytable-35 |
| library/python/prettytable-34 |
| library/python/prettytable-27 |
| library/python/portend |
| library/python/portend-37 |
| library/python/portend-35 |
| library/python/portend-34 |
| library/python/portend-27 |
| library/python/ply |
| library/python/ply-37 |
| library/python/ply-35 |
| library/python/ply-34 |
| library/python/ply-27 |
| library/python/pluggy |
| library/python/pluggy-37 |
| library/python/pluggy-35 |
| library/python/pluggy-34 |
| library/python/pluggy-27 |
| library/python/pip |
| library/python/pip-37 |
| library/python/pip-35 |
| library/python/pip-34 |
| library/python/pip-27 |
| library/python/pillow |
| library/python/pillow-37 |
| library/python/pillow-35 |
| library/python/pillow-34 |
| library/python/pillow-27 |
| library/python/pep8 |
| library/python/pep8-37 |
| library/python/pep8-35 |
| library/python/pep8-34 |
| library/python/pep8-27 |
| library/python/pathlib2 |
| library/python/pathlib2-37 |
| library/python/pathlib2-35 |
| library/python/pathlib2-34 |
| library/python/pathlib2-27 |
| library/python/paramiko |
| library/python/paramiko-37 |
| library/python/paramiko-35 |
| library/python/paramiko-34 |
| library/python/paramiko-27 |
| library/python/more_itertools |
| library/python/more_itertools-37 |
| library/python/more_itertools-35 |
| library/python/more_itertools-34 |
| library/python/more_itertools-27 |
| library/python/mock |
| library/python/mock-37 |
| library/python/mock-35 |
| library/python/mock-34 |
| library/python/mock-27 |
| library/python/mccabe |
| library/python/mccabe-37 |
| library/python/mccabe-35 |
| library/python/mccabe-34 |
| library/python/mccabe-27 |
| library/python/markupsafe |
| library/python/markupsafe-37 |
| library/python/markupsafe-35 |
| library/python/markupsafe-34 |
| library/python/markupsafe-27 |
| library/python/mako |
| library/python/mako-37 |
| library/python/mako-35 |
| library/python/mako-34 |
| library/python/mako-27 |
| library/python/lxml |
| library/python/lxml-37 |
| library/python/lxml-35 |
| library/python/lxml-34 |
| library/python/lxml-27 |
| library/python/lockfile |
| library/python/lockfile-35 |
| library/python/lockfile-34 |
| library/python/lockfile-27 |
| library/python/lazy-object-proxy |
| library/python/lazy-object-proxy-37 |
| library/python/lazy-object-proxy-35 |
| library/python/lazy-object-proxy-34 |
| library/python/lazy-object-proxy-27 |
| library/python/kombu |
| library/python/kombu-27 |
| library/python/jsonschema |
| library/python/jsonschema-37 |
| library/python/jsonschema-35 |
| library/python/jsonschema-34 |
| library/python/jsonschema-27 |
| library/python/jsonrpclib |
| library/python/jsonrpclib-37 |
| library/python/jsonrpclib-35 |
| library/python/jsonrpclib-34 |
| library/python/jsonrpclib-27 |
| library/python/jinja2 |
| library/python/jinja2-37 |
| library/python/jinja2-35 |
| library/python/jinja2-34 |
| library/python/jinja2-27 |
| library/python/isort |
| library/python/isort-37 |
| library/python/isort-35 |
| library/python/isort-34 |
| library/python/isort-27 |
| library/python/hypothesis |
| library/python/hypothesis-37 |
| library/python/hypothesis-35 |
| library/python/hypothesis-34 |
| library/python/hypothesis-27 |
| library/python/funcsigs |
| library/python/funcsigs-27 |
| library/python/django |
| library/python/django-37 |
| library/python/django-35 |
| library/python/django-34 |
| library/python/django-27 |
| library/python/cryptography |
| library/python/cryptography-37 |
| library/python/cryptography-35 |
| library/python/cryptography-34 |
| library/python/cryptography-27 |
| library/python/coverage |
| library/python/coverage-37 |
| library/python/coverage-35 |
| library/python/coverage-34 |
| library/python/coverage-27 |
| library/python/cffi |
| library/python/cffi-37 |
| library/python/cffi-35 |
| library/python/cffi-34 |
| library/python/cffi-27 |
| library/python/boto |
| library/python/boto-37 |
| library/python/boto-35 |
| library/python/boto-34 |
| library/python/boto-27 |
| library/python/backports.functools_lru_cache |
| library/python/backports.functools_lru_cache-37 |
| library/python/backports.functools_lru_cache-35 |
| library/python/backports.functools_lru_cache-34 |
| library/python/backports.functools_lru_cache-27 |
| library/python/babel |
| library/python/babel-37 |
| library/python/babel-35 |
| library/python/babel-34 |
| library/python/babel-27 |
| library/python/attrs |
| library/python/attrs-37 |
| library/python/attrs-35 |
| library/python/attrs-34 |
| library/python/attrs-27 |
| library/python/atomicwrites |
| library/python/atomicwrites-37 |
| library/python/atomicwrites-35 |
| library/python/atomicwrites-34 |
| library/python/atomicwrites-27 |
| library/python/astroid |
| library/python/astroid-37 |
| library/python/astroid-35 |
| library/python/astroid-34 |
| library/python/astroid-27 |
| library/python/asn1crypto |
| library/python/asn1crypto-37 |
| library/python/asn1crypto-35 |
| library/python/asn1crypto-34 |
| library/python/asn1crypto-27 |
| developer/versioning/mercurial/hg-git |
| developer/versioning/mercurial/hg-git-27 |
| developer/python/pylint |
| developer/python/pylint-37 |
| developer/python/pylint-35 |
| developer/python/pylint-34 |
| developer/python/pylint-27 |
