CVE-2019-9636 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-978	python2	2.7.16-1	2.7.17-1	High	Fixed
AVG-977	python	3.7.2-1	3.7.3-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
03 Nov 2019	ASA-201911-4	AVG-978	python2	High	information disclosure
18 Jun 2019	ASA-201906-17	AVG-977	python	High	information disclosure

References
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de

References

https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de