RHSA-2020:1605MediumCVSS 7.5
Red Hat Security Advisory: python27:2.7 security, bug fix, and enhancement update
🔗 CVE IDs covered (7)
📋 Description
CVE-2018-18074 — python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-20060 — python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20852 — python: Cookie domain check returns incorrect results CVE-2019-11236 — python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11324 — python-urllib3: Certification mishandle when error should be thrown CVE-2019-16056 — python: email.utils.parseaddr wrongly parses email addresses CVE-2019-16935 — python: XSS vulnerability in the documentation XML-RPC server in server_title field
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2020:1605
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1643829
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1649153
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1659551
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1700824
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1702473
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1740347
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1749839
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1762422
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1605.json