CVE Vulnerabilities

CVE-2019-18348

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Published: Oct 23, 2019 | Modified: Nov 07, 2023
CVSS 3.x
6.1
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu
MEDIUM

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with rn (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.

Weakness

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Affected Software

Name Vendor Start Version End Version
Python Python 2.0 (including) 2.7.17 (including)
Python Python 3.0 (including) 3.5.10 (excluding)
Python Python 3.6.0 (including) 3.6.11 (excluding)
Python Python 3.7.0 (including) 3.7.8 (excluding)
Python Python 3.8.0 (including) 3.8.3 (excluding)
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat rh-python36-python-0:3.6.12-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat rh-python36-python-pip-0:9.0.1-5.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat rh-python36-python-virtualenv-0:15.1.0-3.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat python27-python-0:2.7.18-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat python27-python-pip-0:8.1.2-6.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat python27-python-virtualenv-0:13.1.0-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python36-python-0:3.6.12-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python36-python-pip-0:9.0.1-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python36-python-virtualenv-0:15.1.0-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat python27-python-0:2.7.18-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat python27-python-pip-0:8.1.2-6.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat python27-python-virtualenv-0:13.1.0-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-python36-python-0:3.6.12-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-python36-python-pip-0:9.0.1-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-python36-python-virtualenv-0:15.1.0-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat python27-python-0:2.7.18-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat python27-python-pip-0:8.1.2-6.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat python27-python-virtualenv-0:13.1.0-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python36-python-0:3.6.12-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python36-python-pip-0:9.0.1-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python36-python-virtualenv-0:15.1.0-3.el7 *
Python2.7 Ubuntu bionic *
Python2.7 Ubuntu disco *
Python2.7 Ubuntu eoan *
Python2.7 Ubuntu trusty *
Python2.7 Ubuntu trusty/esm *
Python2.7 Ubuntu xenial *
Python3.4 Ubuntu trusty *
Python3.4 Ubuntu trusty/esm *
Python3.5 Ubuntu trusty *
Python3.5 Ubuntu trusty/esm *
Python3.5 Ubuntu xenial *
Python3.6 Ubuntu bionic *
Python3.7 Ubuntu bionic *
Python3.7 Ubuntu disco *
Python3.7 Ubuntu eoan *
Python3.7 Ubuntu esm-apps/bionic *
Python3.8 Ubuntu bionic *
Python3.8 Ubuntu disco *
Python3.8 Ubuntu eoan *
Python3.8 Ubuntu esm-apps/bionic *
Python3.8 Ubuntu focal *
Python3.8 Ubuntu groovy *

Potential Mitigations

References