FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
ca595a25-91d8-11ea-b470-080027846a02	Python -- CRLF injection via the host part of the url passed to urlopen() Python reports: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. Discovery 2019-10-24 Entry 2020-05-09 Modified 2020-06-13 python27 < 2.7.18 python38 < 3.8.3 python37 <= 3.7.7 python36 < 3.6.10 python35 <= 3.5.9_4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348 https://bugs.python.org/issue38576 CVE-2019-18348
a27b0bb6-84fc-11ea-b5b4-641c67a117d8	Python -- Regular Expression DoS attack against client Ben Caller and Matt Schwager reports: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. Discovery 2019-11-17 Entry 2020-04-23 Modified 2020-06-13 python38 < 3.8.3 python37 <= 3.7.7 python36 < 3.6.10 python35 <= 3.5.9_4 python27 < 2.7.18 https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html https://bugs.python.org/issue39503 CVE-2020-8492 ports/245819

VuXML ID

Description

ca595a25-91d8-11ea-b470-080027846a02

Python -- CRLF injection via the host part of the url passed to urlopen()

Python reports:

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header.

Discovery 2019-10-24
Entry 2020-05-09
Modified 2020-06-13
python27

< 2.7.18

python38

< 3.8.3

python37

<= 3.7.7

python36

< 3.6.10

python35

<= 3.5.9_4

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348
https://bugs.python.org/issue38576
CVE-2019-18348

a27b0bb6-84fc-11ea-b5b4-641c67a117d8

Python -- Regular Expression DoS attack against client

Ben Caller and Matt Schwager reports:

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Discovery 2019-11-17
Entry 2020-04-23
Modified 2020-06-13
python38