Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.

  • Published Date: Friday 8th of March 2019 04:29:00 PM
  • Modified Date: Tuesday 16th of April 2019 02:29:07 PM
  • Download Mageni's Vulnerability Scanning Platform.

    No credit card is required to download the Free Edition. Register now.