Description

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Remediation

References

CVE-2011-1521

Related Vulnerabilities

WordPress Plugin Simple Video Embedder Cross-Site Scripting (2.2)

WordPress Plugin 3DPrint Lite Cross-Site Scripting (1.9.1.5)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13450)

Oracle JRE CVE-2013-5820 Vulnerability (CVE-2013-5820)

WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.4)

Severity

Medium

Classification

CVE-2011-1521

Tags

Missing Update Known Vulnerabilities