mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
327 lines
11 KiB
JSON
327 lines
11 KiB
JSON
{
|
|
"id": "CVE-2022-0391",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2022-02-09T23:15:16.580",
|
|
"lastModified": "2024-11-21T06:38:31.507",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha encontrado un fallo en Python, concretamente en el m\u00f3dulo urllib.parse. Este m\u00f3dulo ayuda a dividir las cadenas de localizadores de recursos uniformes (URL) en componentes. El problema involucra como el m\u00e9todo urlparse no sanea la entrada y permite caracteres como \"\\r\" y \"\\n\" en la ruta de la URL. Este fallo permite a un atacante introducir una URL dise\u00f1ada, conllevando a ataques de inyecci\u00f3n. Este fallo afecta a Python versiones anteriores a 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 y 3.6.14"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
|
"baseScore": 5.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "secalert@redhat.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-74"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-74"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "3.6.14",
|
|
"matchCriteriaId": "C0AA4B12-CF3C-4327-983C-9067D7D97B57"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.7.0",
|
|
"versionEndExcluding": "3.7.11",
|
|
"matchCriteriaId": "63D83236-D590-43D4-82C0-B0C656E02A29"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.8.0",
|
|
"versionEndExcluding": "3.8.11",
|
|
"matchCriteriaId": "AEAFF8F2-FA7C-4FFA-B592-E37EF28D6B59"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.9.0",
|
|
"versionEndExcluding": "3.9.5",
|
|
"matchCriteriaId": "91FD0AF9-B011-4238-8CF1-BDEA0399AF82"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D3A22303-914F-4EB6-9CCE-EE0D5EDB424B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "349F5466-4F47-47FB-B600-55DB4F919E1A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "14EE982A-1DA9-4D34-B748-862DE731BE69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D0B1D471-35D3-4289-8C74-63C36233C18D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D613BB2D-D583-44CC-9C22-38CE434FDDFD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2075995B-9D49-4EFE-9743-5ACE0B6DEF62"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
|
|
"matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://bugs.python.org/issue43882",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Issue Tracking",
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://security.gentoo.org/glsa/202305-02",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20220225-0009/",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://bugs.python.org/issue43882",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Issue Tracking",
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://security.gentoo.org/glsa/202305-02",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20220225-0009/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |