Fedora python CVE-2019-18348 Arbitrary Code Execution Vulnerability

description-logoDescription

A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection (e.g. through urlopen() or HTTPConnection). An attacker who can control the url parameter passed to urlopen method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by abusing the "host" part of the URL.

affected-products-logoAffected Applications

python

CVE References

CVE-2019-18348