Safety vulnerability ID: 45684
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Python versions 2.7.17, 3.5.8, 3.6.10 and 3.7.5 include a fix for CVE-2019-9948: Urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. The issue was also found to be present in Python 3 when using URLopener class.
https://bugs.python.org/issue35907
Latest version: 0.9.8
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application