CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
pythonpython
𝑥
< 3.6.14
pythonpython
3.7.0 ≤
𝑥
< 3.7.11
pythonpython
3.8.0 ≤
𝑥
< 3.8.11
pythonpython
3.9.0 ≤
𝑥
< 3.9.5
pythonpython
3.10.0:alpha1
pythonpython
3.10.0:alpha2
pythonpython
3.10.0:alpha3
pythonpython
3.10.0:alpha4
pythonpython
3.10.0:alpha5
pythonpython
3.10.0:alpha6
netappactive_iq_unified_manager
-
netapphci
-
netappmanagement_services_for_element_software
-
netappontap_select_deploy_administration_utility
-
netappsolidfire\,_enterprise_sds_\&_hci_storage_node
-
netapphci_compute_node
-
oraclehttp_server
12.2.1.3.0
oraclehttp_server
12.2.1.4.0
oraclezfs_storage_appliance_kit
8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pypy3
bookworm
7.3.11+dfsg-2+deb12u2
fixed
bullseye
no-dsa
bullseye (security)
vulnerable
buster
no-dsa
sid
7.3.17+dfsg-2
fixed
trixie
7.3.17+dfsg-2
fixed
python2.7
bullseye
2.7.18-8+deb11u1
fixed
buster
no-dsa
python3.9
bullseye
vulnerable
buster
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
bionic
Fixed 2.7.17-1~18.04ubuntu1.7
released
focal
Fixed 2.7.18-1~20.04.4+esm1
released
impish
ignored
jammy
Fixed 2.7.18-13ubuntu1.2+esm1
released
kinetic
ignored
lunar
dne
mantic
dne
noble
dne
trusty
Fixed 2.7.6-8ubuntu0.6+esm12
released
xenial
Fixed 2.7.12-1ubuntu0~16.04.18+esm1
released
python3.10
bionic
dne
focal
dne
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.4
bionic
dne
focal
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
Fixed 3.4.3-1ubuntu1~14.04.7+esm12
released
xenial
dne
python3.5
bionic
dne
focal
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1
released
xenial
Fixed 3.5.2-2ubuntu0~16.04.13+esm2
released
python3.6
bionic
Fixed 3.6.9-1~18.04ubuntu1.7
released
focal
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.7
bionic
Fixed 3.7.5-2ubuntu1~18.04.2+esm3
released
focal
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.8
bionic
Fixed 3.8.0-3ubuntu1~18.04.2+esm2
released
focal
Fixed 3.8.10-0ubuntu1~20.04.4
released
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.9
bionic
dne
focal
not-affected
impish
not-affected
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
ignored
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpython2_7-1_0
suse enterprise desktop 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise sap 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 15 SP3
2.7.18-150000.38.2
fixed
libpython2_7-1_0-32bit
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
libpython3_4m1_0
suse enterprise sap 12
3.4.10-25.85.1
fixed
suse enterprise sap 12 SP3
3.4.10-25.85.1
fixed
suse enterprise sap 12 SP4
3.4.10-25.85.1
fixed
suse enterprise sap 12 SP5
3.4.10-25.85.1
fixed
suse enterprise server 12
3.4.10-25.85.1
fixed
suse enterprise server 12 SP3
3.4.10-25.85.1
fixed
suse enterprise server 12 SP4
3.4.10-25.85.1
fixed
suse enterprise server 12 SP5
3.4.10-25.85.1
fixed
libpython3_4m1_0-32bit
suse enterprise sap 12 SP5
3.4.10-25.85.1
fixed
suse enterprise server 12 SP5
3.4.10-25.85.1
fixed
python
suse enterprise desktop 15 SP3
2.7.18-150000.38.1
fixed
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise sap 15 SP3
2.7.18-150000.38.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 15 SP3
2.7.18-150000.38.1
fixed
python-32bit
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
python-base
suse enterprise desktop 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise sap 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 15 SP3
2.7.18-150000.38.2
fixed
python-base-32bit
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
python-curses
suse enterprise desktop 15 SP3
2.7.18-150000.38.1
fixed
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise sap 15 SP3
2.7.18-150000.38.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 15 SP3
2.7.18-150000.38.1
fixed
python-demo
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
python-devel
suse enterprise desktop 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise sap 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 15 SP3
2.7.18-150000.38.2
fixed
python-doc
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
python-doc-pdf
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
python-gdbm
suse enterprise desktop 15 SP3
2.7.18-150000.38.1
fixed
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise sap 15 SP3
2.7.18-150000.38.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 15 SP3
2.7.18-150000.38.1
fixed
python-idle
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
python-tk
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
python-xml
suse enterprise desktop 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise sap 12 SP5
2.7.18-33.8.1
fixed
suse enterprise sap 15 SP3
2.7.18-150000.38.2
fixed
suse enterprise server 12 SP3
2.7.18-28.84.1
fixed
suse enterprise server 12 SP4
2.7.18-33.8.1
fixed
suse enterprise server 12 SP5
2.7.18-33.8.1
fixed
suse enterprise server 15 SP3
2.7.18-150000.38.2
fixed
python3
suse enterprise sap 12
3.4.10-25.85.2
fixed
suse enterprise sap 12 SP3
3.4.10-25.85.2
fixed
suse enterprise sap 12 SP4
3.4.10-25.85.2
fixed
suse enterprise sap 12 SP5
3.4.10-25.85.2
fixed
suse enterprise server 12
3.4.10-25.85.2
fixed
suse enterprise server 12 SP3
3.4.10-25.85.2
fixed
suse enterprise server 12 SP4
3.4.10-25.85.2
fixed
suse enterprise server 12 SP5
3.4.10-25.85.2
fixed
python3-base
suse enterprise sap 12
3.4.10-25.85.1
fixed
suse enterprise sap 12 SP3
3.4.10-25.85.1
fixed
suse enterprise sap 12 SP4
3.4.10-25.85.1
fixed
suse enterprise sap 12 SP5
3.4.10-25.85.1
fixed
suse enterprise server 12
3.4.10-25.85.1
fixed
suse enterprise server 12 SP3
3.4.10-25.85.1
fixed
suse enterprise server 12 SP4
3.4.10-25.85.1
fixed
suse enterprise server 12 SP5
3.4.10-25.85.1
fixed
python3-curses
suse enterprise sap 12
3.4.10-25.85.2
fixed
suse enterprise sap 12 SP3
3.4.10-25.85.2
fixed
suse enterprise sap 12 SP4
3.4.10-25.85.2
fixed
suse enterprise sap 12 SP5
3.4.10-25.85.2
fixed
suse enterprise server 12
3.4.10-25.85.2
fixed
suse enterprise server 12 SP3
3.4.10-25.85.2
fixed
suse enterprise server 12 SP4
3.4.10-25.85.2
fixed
suse enterprise server 12 SP5
3.4.10-25.85.2
fixed
python3-devel
suse enterprise sap 12 SP5
3.4.10-25.85.1
fixed
suse enterprise server 12 SP5
3.4.10-25.85.1
fixed
python3-tk
suse enterprise sap 12 SP5
3.4.10-25.85.2
fixed
suse enterprise server 12 SP5
3.4.10-25.85.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
platform-python
RHEL 8
0:3.6.8-47.el8_6
fixed
RHEL 8.6 AUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 E4S
0:3.6.8-47.el8_6
fixed
RHEL 8.6 EUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 TUS
0:3.6.8-47.el8_6
fixed
platform-python-debug
RHEL 8
0:3.6.8-47.el8_6
fixed
RHEL 8.6 AUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 E4S
0:3.6.8-47.el8_6
fixed
RHEL 8.6 EUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 TUS
0:3.6.8-47.el8_6
fixed
platform-python-devel
RHEL 8
0:3.6.8-47.el8_6
fixed
RHEL 8.6 AUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 E4S
0:3.6.8-47.el8_6
fixed
RHEL 8.6 EUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 TUS
0:3.6.8-47.el8_6
fixed
python3-idle
RHEL 8
0:3.6.8-47.el8_6
fixed
RHEL 8.6 AUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 E4S
0:3.6.8-47.el8_6
fixed
RHEL 8.6 EUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 TUS
0:3.6.8-47.el8_6
fixed
python3-libs
RHEL 8
0:3.6.8-47.el8_6
fixed
RHEL 8.6 AUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 E4S
0:3.6.8-47.el8_6
fixed
RHEL 8.6 EUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 TUS
0:3.6.8-47.el8_6
fixed
python3-test
RHEL 8
0:3.6.8-47.el8_6
fixed
RHEL 8.6 AUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 E4S
0:3.6.8-47.el8_6
fixed
RHEL 8.6 EUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 TUS
0:3.6.8-47.el8_6
fixed
python3-tkinter
RHEL 8
0:3.6.8-47.el8_6
fixed
RHEL 8.6 AUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 E4S
0:3.6.8-47.el8_6
fixed
RHEL 8.6 EUS
0:3.6.8-47.el8_6
fixed
RHEL 8.6 TUS
0:3.6.8-47.el8_6
fixed
Common Weakness Enumeration
References
https://bugs.python.org/issue43882
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/
https://security.gentoo.org/glsa/202305-02
https://security.netapp.com/advisory/ntap-20220225-0009/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://bugs.python.org/issue43882
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/
https://security.gentoo.org/glsa/202305-02
https://security.netapp.com/advisory/ntap-20220225-0009/
https://www.oracle.com/security-alerts/cpuapr2022.html