RHSA-2020:4285MediumCVSS 8.0

Red Hat Security Advisory: rh-python36 security, bug fix, and enhancement update

Published
October 19, 2020
Last Modified
June 27, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2019-16935 — python: XSS vulnerability in the documentation XML-RPC server in server_title field CVE-2019-18348 — python: CRLF injection via the host part of the url passed to urlopen() CVE-2019-20907 — python: infinite loop in the tarfile module via crafted TAR archive CVE-2019-20916 — python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py CVE-2020-8492 — python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS CVE-2020-14422 — python: DoS via inefficiency in IPv{4,6}Interface classes CVE-2020-26116 — python: CRLF injection via HTTP request method in httplib/http.client

🔗 References (12)