Search for vulnerabilities
Vulnerability details: VCID-v8kv-yq79-aaar
Vulnerability ID VCID-v8kv-yq79-aaar
Aliases CVE-2019-11236
GHSA-r64q-w8jr-g9qp
PYSEC-2019-132
PYSEC-2019-62
Summary In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11236.html
rhas Moderate https://access.redhat.com/errata/RHSA-2019:2272
rhas Moderate https://access.redhat.com/errata/RHSA-2019:3335
rhas Moderate https://access.redhat.com/errata/RHSA-2019:3590
rhas Moderate https://access.redhat.com/errata/RHSA-2020:0850
rhas Moderate https://access.redhat.com/errata/RHSA-2020:0851
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1605
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1916
rhas Moderate https://access.redhat.com/errata/RHSA-2020:2068
rhas Moderate https://access.redhat.com/errata/RHSA-2020:2081
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json
epss 0.0047 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.0047 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.0047 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.0047 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00562 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.00848 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
epss 0.01859 https://api.first.org/data/v1/epss?cve=CVE-2019-11236
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236
cvssv3.1 6.1 https://github.com/advisories/GHSA-r64q-w8jr-g9qp
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r64q-w8jr-g9qp
generic_textual MODERATE https://github.com/advisories/GHSA-r64q-w8jr-g9qp
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
cvssv3.1 4.4 https://github.com/urllib3/urllib3
generic_textual MODERATE https://github.com/urllib3/urllib3
cvssv3.1 6.1 https://github.com/urllib3/urllib3/issues/1553
generic_textual MODERATE https://github.com/urllib3/urllib3/issues/1553
cvssv3.1 6.1 https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
cvssv3.1 5.9 https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-11236
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-11236
generic_textual Medium https://ubuntu.com/security/notices/USN-3990-1
generic_textual Medium https://ubuntu.com/security/notices/USN-3990-2
cvssv3.1 7.5 https://usn.ubuntu.com/3990-1
generic_textual HIGH https://usn.ubuntu.com/3990-1
cvssv3.1 6.1 https://usn.ubuntu.com/3990-2
generic_textual MODERATE https://usn.ubuntu.com/3990-2
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11236.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json
https://api.first.org/data/v1/epss?cve=CVE-2019-11236
https://bugs.python.org/issue36276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236
https://github.com/advisories/GHSA-r64q-w8jr-g9qp
https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
https://github.com/urllib3/urllib3
https://github.com/urllib3/urllib3/issues/1553
https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
https://ubuntu.com/security/notices/USN-3990-1
https://ubuntu.com/security/notices/USN-3990-2
https://usn.ubuntu.com/3990-1
https://usn.ubuntu.com/3990-1/
https://usn.ubuntu.com/3990-2
https://usn.ubuntu.com/3990-2/
927172 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172
cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*
CVE-2019-11236 https://nvd.nist.gov/vuln/detail/CVE-2019-11236
RHBA-2020:1540 https://bugzilla.redhat.com/show_bug.cgi?id=1700824
RHSA-2019:2272 https://access.redhat.com/errata/RHSA-2019:2272
RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3335
RHSA-2019:3590 https://access.redhat.com/errata/RHSA-2019:3590
RHSA-2020:0850 https://access.redhat.com/errata/RHSA-2020:0850
RHSA-2020:0851 https://access.redhat.com/errata/RHSA-2020:0851
RHSA-2020:1605 https://access.redhat.com/errata/RHSA-2020:1605
RHSA-2020:1916 https://access.redhat.com/errata/RHSA-2020:1916
RHSA-2020:2068 https://access.redhat.com/errata/RHSA-2020:2068
RHSA-2020:2081 https://access.redhat.com/errata/RHSA-2020:2081
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/advisories/GHSA-r64q-w8jr-g9qp
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/urllib3/urllib3/issues/1553
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11236
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11236
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://usn.ubuntu.com/3990-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://usn.ubuntu.com/3990-2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.63566
EPSS Score 0.0047
Published At June 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.