Fedora python CVE-2019-18348 Arbitrary Code Execution Vulnerability
Description
A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection (e.g. through urlopen() or HTTPConnection). An attacker who can control the url parameter passed to urlopen method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by abusing the "host" part of the URL.
Affected Applications
python