CVE-2019-9636

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9636

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9636.json

Aliases

PSF-2019-9

Related

Published

2019-03-08T21:29:00Z

Modified

2023-11-29T07:44:00.228167Z

Details

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

References

Affected packages

Alpine:v3.10 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r1

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.11 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r1

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.12 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r1

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.6 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.5-r3

Alpine:v3.7 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.15-r2

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

Alpine:v3.7 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.5-r3

Alpine:v3.8 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.15-r2

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

Alpine:v3.8 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

Alpine:v3.9 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r1

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

1bf9cc509326bc42cd8cb1650eb9bf64550d817e

Fixed

ef4ec6ed12d6c6200a85068f60483723298b6ff4

Introduced

5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12

Introduced

2e789a1f1d84b343a996e8654590703b5fbdd441