VDB

DEBIAN-CVE-2022-0391

DEBIAN-CVE-2022-0391 PUBLISHED CVSS 7.5 HIGH

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Debian:14pypy30, 0, 0
Debian:11pypy3*, 7.3.5+dfsg-2+deb11u3, *
Debian:12pypy30, 0, 0
Debian:13pypy30, 0, 0
Debian:11python3.90, 3.9.2-1, 3.9.2-1
Debian:11python2.70, 2.7.18-8, 0

Exploit Intelligence

Timeline

  • Feb 9, 2022 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›