RHSA-2019:3335MediumCVSS 8.8

Red Hat Security Advisory: python27:2.7 security and bug fix update

Published
November 5, 2019
Last Modified
June 26, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2019-6446 — numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution CVE-2019-9740 — python: CRLF injection via the query part of the url passed to urlopen() CVE-2019-9947 — python: CRLF injection via the path part of the url passed to urlopen() CVE-2019-9948 — python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms CVE-2019-11236 — python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11324 — python-urllib3: Certification mishandle when error should be thrown

🔗 References (15)