VDB

GCVE-VVD-MAGEIA-2019-148

GCVE-VVD-MAGEIA-2019-148
Advisory Published
Vulnetix · Advisory published October 4, 2019
A vulnerability was found in Python 2.x through 2.7.16. An improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization could lead to an Information Disclosure (credentials, cookies, etc. that are cached against a given hostname) in the urllib.parse.urlsplit, urllib.parse.urlparse components. A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly (CVE-2019-9636).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiavirtualbox0 (affected), 6.0.12-1.mga7 (unaffected)
Mageiakmod-virtualbox0 (affected), 6.0.12-1.mga7 (unaffected)
Mageiapython0 (affected), 2.7.15-1.3.mga6 (unaffected), 0 (affected), 2.7.15-1.3.mga6 (unaffected)

References

Updated python packages fix security vulnerability
advisory
Updated python packages fix security vulnerability
issue
Updated python packages fix security vulnerability
advisory
Virtualbox maintenance release
advisory
Virtualbox maintenance release
issue
Virtualbox maintenance release
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›