VDB
GCVE-VVD-MAGEIA-2021-165
GCVE-VVD-MAGEIA-2021-165
Advisory Published
Updated python and python3 security vulnerability:
The package python/cpython is vulnerable to Web Cache Poisoning via
urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called
parameter cloaking. When the attacker can separate query parameters using
a semicolon (;), they can cause a difference in the interpretation of the
request between the proxy (running with default configuration) and the
server. This can result in malicious requests being cached as completely
safe ones, as the proxy would usually not see the semicolon as a separator,
and therefore would not include it in a cache key of an unkeyed parameter
(CVE-2021-23336).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python3 | 0 (affected), 3.7.10-1.mga7 (unaffected), 0 (affected), 3.7.10-1.mga7 (unaffected) | — |
| Mageia | libjpeg | 0 (affected), 2.0.6-1.mga8 (unaffected) | — |
| Mageia | python3 | 0 (affected), 3.8.8-1.mga8 (unaffected), 0 (affected), 3.8.8-1.mga8 (unaffected) | — |
| Mageia | python | 0 (affected), 2.7.18-1.3.mga7 (unaffected), 0 (affected), 2.7.18-1.3.mga7 (unaffected) | — |
| AWS | config | — | — |
| Mageia | python | 0 (affected), 2.7.18-7.1.mga8 (unaffected), 0 (affected), 2.7.18-7.1.mga8 (unaffected) | — |
References
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.