Unrated severityOSV Advisory· Published Mar 23, 2019· Updated Aug 4, 2024
CVE-2019-9948
CVE-2019-9948
Description
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
87v2.0, v2.1, v2.1a1, …+ 1 more
- (no CPE)range: v2.0, v2.1, v2.1a1, …
- (no CPE)range: 2.x through 2.7.16
- osv-coords85 versionspkg:rpm/almalinux/python2-attrspkg:rpm/almalinux/python2-chardetpkg:rpm/almalinux/python2-coveragepkg:rpm/almalinux/python2-Cythonpkg:rpm/almalinux/python2-dnspkg:rpm/almalinux/python2-docspkg:rpm/almalinux/python2-docs-infopkg:rpm/almalinux/python2-docutilspkg:rpm/almalinux/python2-funcsigspkg:rpm/almalinux/python2-idnapkg:rpm/almalinux/python2-ipaddresspkg:rpm/almalinux/python2-markupsafepkg:rpm/almalinux/python2-mockpkg:rpm/almalinux/python2-pluggypkg:rpm/almalinux/python2-psycopg2pkg:rpm/almalinux/python2-psycopg2-debugpkg:rpm/almalinux/python2-psycopg2-testspkg:rpm/almalinux/python2-pypkg:rpm/almalinux/python2-PyMySQLpkg:rpm/almalinux/python2-pysockspkg:rpm/almalinux/python2-pytestpkg:rpm/almalinux/python2-pytest-mockpkg:rpm/almalinux/python2-pytzpkg:rpm/almalinux/python2-pyyamlpkg:rpm/almalinux/python2-rpm-macrospkg:rpm/almalinux/python2-setuptools_scmpkg:rpm/almalinux/python-psycopg2-docpkg:rpm/opensuse/python&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/python&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-base&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-doc&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20OpenStack%20Cloud%207
< 17.4.0-10.module_el8.6.0+2781+fed64c13+ 84 more
- (no CPE)range: < 17.4.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.0.4-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 4.5.1-4.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.28.1-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.15.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.16-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.16-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.14-12.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.2-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.18-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.23-19.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.0.0-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.6.0-8.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.5.3-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.8.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.6.8-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.4.2-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.9.0-4.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2017.2-12.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.12-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3-38.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.15.7-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.14-lp150.6.10.1
- (no CPE)range: < 2.7.18-8.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.14-7.11.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.6.9-40.24.1
- (no CPE)range: < 2.6.9-40.24.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.14-7.11.1
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.14-7.11.1
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.6.9-40.24.1
- (no CPE)range: < 2.6.9-40.24.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.6-8.40.24.1
- (no CPE)range: < 2.6-8.40.24.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
- (no CPE)range: < 2.7.13-28.26.1
Patches
Vulnerability mechanics
References
22- lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2019:1700mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:2030mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:3335mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:3520mitrevendor-advisoryx_refsource_REDHAT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202003-26mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4127-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4127-2/mitrevendor-advisoryx_refsource_UBUNTU
- packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.htmlmitrex_refsource_MISC
- www.securityfocus.com/bid/107549mitrevdb-entryx_refsource_BID
- bugs.python.org/issue35907mitrex_refsource_MISC
- github.com/python/cpython/pull/11842mitrex_refsource_MISC
- lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/06/msg00022.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/07/msg00011.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2020/07/msg00011.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2020/08/msg00034.htmlmitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2019/Oct/29mitremailing-listx_refsource_BUGTRAQ
- security.netapp.com/advisory/ntap-20190404-0004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.