CVE-2019-9636 log

Severity High
Remote Yes
Type Information disclosure
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly.
Group Package Affected Fixed Severity Status Ticket
AVG-978 python2 2.7.16-1 2.7.17-1 High Fixed
AVG-977 python 3.7.2-1 3.7.3-1 High Fixed
Date Advisory Group Package Severity Type
03 Nov 2019 ASA-201911-4 AVG-978 python2 High information disclosure
18 Jun 2019 ASA-201906-17 AVG-977 python High information disclosure