Severity: High
Remote: Yes
Type: Information disclosure
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 are affected by improper handling of Unicode encoding (with an incorrect netloc) during NFKC normalization. An application that uses urllib.parse.urlsplit or urllib.parse.urlparse to locate cookies or authentication data could parse a specially crafted URL incorrectly and send that information to a different host than it would if the URL were parsed correctly.
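A defensive check for the condition described above, added here as an example (it is not code from the advisory or from the Python project): it flags any non-ASCII netloc character whose NFKC form contains a URL delimiter, and wraps urlsplit so such URLs are rejected on any interpreter version. The function names and sample URLs are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# URL component delimiters. A netloc character that normalizes into one of
# these moves the host boundary once the name is NFKC-normalized.
DELIMS = "/?#@:"

def raw_netloc(url):
    """Cut out the netloc by plain string splitting, so the result does not
    depend on whether the running interpreter is already patched."""
    rest = url.split("://", 1)[1] if "://" in url else url
    cut = [i for i in (rest.find(c) for c in "/?#") if i != -1]
    return rest[:min(cut)] if cut else rest

def nfkc_delimiter_hits(url):
    """Return [(codepoint, delimiters)] for each non-ASCII netloc character
    whose NFKC form contains a URL delimiter."""
    hits = []
    for ch in raw_netloc(url):
        if ord(ch) < 128:
            continue
        normalized = unicodedata.normalize("NFKC", ch)
        introduced = "".join(d for d in DELIMS if d in normalized)
        if introduced:
            hits.append(("U+%04X" % ord(ch), introduced))
    return hits

def checked_urlsplit(url):
    """urlsplit() that rejects such URLs regardless of interpreter version."""
    hits = nfkc_delimiter_hits(url)
    if hits:
        raise ValueError("netloc changes under NFKC normalization: %r" % hits)
    return urlsplit(url)

# Constructed sample URLs (hypothetical, not taken from the advisory).
SAMPLES = [
    "https://example.com\u2100.test/path",      # U+2100 normalizes to "a/c"
    "https://example.com\uff03@other.example/", # U+FF03 normalizes to "#"
    "https://b\u00fccher.example/",             # ordinary IDN label, no delimiter
    "https://user:pw@example.com:8443/x",       # pure ASCII, nothing to flag
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(ascii(u), nfkc_delimiter_hits(u))
```

Running the check over stored URLs or request logs identifies inputs that an unpatched interpreter would have split differently from the host finally contacted.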
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-978 | python2 | 2.7.16-1 | | High | Vulnerable | |
| AVG-977 | python | 3.7.2-1 | 3.7.3-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 18 Jun 2019 | ASA-201906-17 | AVG-977 | python | High | information disclosure |