Home CVE Database CVE-2019-9948

CVE-2019-9948

Description

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\'local_file:///etc/passwd\') call.

Priority: Medium
CVSS v3: 9.1
Publish Date: Mar 23, 2019
Related ID: --
CVSS v2: CRITICAL
Modified Date: Mar 25, 2019

Find out more about CVE-2019-9948 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Vulnerable LIN10-5571
-- --
Wind River Linux 9 Vulnerable LIN9-8207
-- --
Wind River Linux 8 Vulnerable LIN8-10612
-- --
Wind River Linux 7 Vulnerable LIN7-10751
-- --
Wind River Linux LTS 18 Vulnerable LIN1018-3717
-- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --
VxWorks 6.8 Not Vulnerable -- -- --
VxWorks 6.7 Not Vulnerable -- -- --
VxWorks 6.6 Not Vulnerable -- -- --
VxWorks 6.4 Not Vulnerable -- -- --
VxWorks 5.5 Not Vulnerable -- -- --

Related Products

Product name Status
Linux
Linux 7 SCP Not Vulnerable
Linux 7 CGP Not Vulnerable

Comments

python

Live chat
Online