Vulnerability details: VCID-ttvn-gv7h-aaaq
Vulnerability ID VCID-ttvn-gv7h-aaaq
Aliases CVE-2022-0391
Summary A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3254
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1663
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1764
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1821
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0391.json
epss 0.00203 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
epss 0.00631 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
epss 0.00648 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
epss 0.0072 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
epss 0.00723 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
epss 0.04715 https://api.first.org/data/v1/epss?cve=CVE-2022-0391
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2047376
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0391.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploit Prediction Scoring System (EPSS)
Percentile 0.57889
EPSS Score 0.00203
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.