CVE-2019-9636 log

Source
Severity High
Remote Yes
Type Information disclosure
Description
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly.
Group Package Affected Fixed Severity Status Ticket
AVG-978 python2 2.7.16-1 2.7.17-1 High Fixed
AVG-977 python 3.7.2-1 3.7.3-1 High Fixed
Date Advisory Group Package Severity Type
03 Nov 2019 ASA-201911-4 AVG-978 python2 High information disclosure
18 Jun 2019 ASA-201906-17 AVG-977 python High information disclosure
References
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de