Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCanonical Ubuntu
OSCanonical12.0414.0416.0418.0419.04Debian
OSDebian8.09.0Fedora Project Fedora
OSFedoraproject28293031Opensuse Leap
OSOpensuse15.015.142.3Oracle Sun Zfs Storage Appliance Kit
APPOracle8.8.6Python
APPPython2.7.0 – 2.7.17 (bez)3.0.0 – 3.4.10 (bez)3.5.0 – 3.5.7 (bez)3.6.0 – 3.6.9 (bez)3.7.0 – 3.7.3 (bez)Red Hat Enterprise Linux
OSRedhat7.07.58.0Red Hat Enterprise Linux Desktop
OSRedhat6.0Red Hat Enterprise Linux Eus
OSRedhat7.58.18.28.48.6Red Hat Enterprise Linux Server
OSRedhat6.0Red Hat Enterprise Linux Server Aus
OSRedhat7.48.28.4Red Hat Enterprise Linux Server Eus
OSRedhat5.6Red Hat Enterprise Linux Server Tus
OSRedhat7.48.28.48.6Red Hat Enterprise Linux Workstation
OSRedhat6.0Red Hat OpenShift Container Platform
APPRedhat3.11Red Hat Virtualization
APPRedhat4.0
Powiązane podatności
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki