CVE-2022-0391 – python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
https://notcve.org/view.php?id=CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. • https://bugs.python.org/issue43882 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U https://security.gentoo.org/glsa/202305-02 https://security.netapp.com/advisory/ntap-20220225-0009 https://www.oracle.com/security-alerts/cpuapr2022.html https://access. • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-3733 – python: urllib: Regular expression DoS in AbstractBasicAuthHandler
https://notcve.org/view.php?id=CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Se presenta un fallo en la clase AbstractBasicAuthHandler de urllib. Un atacante que controle un servidor HTTP malicioso al que se conecte un cliente HTTP (como un navegador web), podría desencadenar una Denegación de Servicio por Expresión Regular (ReDOS) durante una petición de autenticación con una carga útil especialmente diseñada que sea enviada por el servidor al cliente. • https://bugs.python.org/issue43075 https://bugzilla.redhat.com/show_bug.cgi?id=1995234 https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb https://github.com/python/cpython/pull/24391 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://security.netapp.com/advisory/ntap-20220407-0001 https://ubuntu.com/security/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3733 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-3737 – python: urllib: HTTP client possible infinite loop on a 100 Continue response
https://notcve.org/view.php?id=CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. Una respuesta HTTP manejada inapropiadamente en el código del cliente HTTP de python puede permitir a un atacante remoto, que controle el servidor HTTP, hacer que el script del cliente entre en un bucle infinito, consumiendo tiempo de CPU. • https://bugs.python.org/issue44022 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://github.com/python/cpython/pull/25916 https://github.com/python/cpython/pull/26503 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://security.netapp.com/advisory/ntap-20220407-0009 https://ubuntu.com/security/CVE-2021-3737 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-25322 – python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root
https://notcve.org/view.php?id=CVE-2021-25322
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. Una vulnerabilidad de seguimiento de enlaces simbólicos UNIX (Symlink) en python-HyperKitty de openSUSE Leap 15.2, Factory permite a atacantes locales escalar privilegios del usuario hyperkitty o hyperkitty-admin a root. Este problema afecta a: openSUSE Leap 15.2 python-HyperKitty versión 1.3.2-lp152.2.3.1 y versiones anteriores. openSUSE Factory python-HyperKitty versiones anteriores a 1.3.4-5.1 • https://bugzilla.suse.com/show_bug.cgi?id=1182373 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32052
https://notcve.org/view.php?id=CVE-2021-32052
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. En Django 2.2 versiones anteriores a 2.2.22, 3.1 versiones anteriores a 3.1.10 y 3.2 versiones anteriores a 3.2.2 (con Python 3.9.5+), URLValidator no prohíbe nuevas líneas y pestañas (a menos que sea usado el campo URLField form). Si una aplicación usa valores con nuevas líneas en una respuesta HTTP, puede ocurrir una inyección de encabezado. • http://www.openwall.com/lists/oss-security/2021/05/06/1 https://docs.djangoproject.com/en/3.2/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE https://security.netapp.com/advisory/ntap-20210611-0002 https://www.djangoproject.com/weblog/2021/may/06/security-releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •