Description
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
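The contrast between a file: blacklist and a scheme allowlist, as an added example that is not part of the original advisory. It is written for Python 3; the function names, the allowed-scheme set and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the application only ever needs to fetch web resources.
ALLOWED_SCHEMES = {"http", "https"}


def blocklist_allows(url):
    """Weak check of the kind the description refers to: reject only file: URIs."""
    return not url.strip().lower().startswith("file:")


def allowlist_allows(url):
    """Hardened check: accept only explicitly permitted schemes that name a host."""
    try:
        parts = urlsplit(url.strip())
        return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)
    except ValueError:
        # Malformed URLs (for example a broken IPv6 literal) are rejected.
        return False


# Constructed sample inputs; the second one is the URL quoted in the description.
SAMPLES = [
    "file:///etc/passwd",
    "local_file:///etc/passwd",
    "ftp://example.com/pub/readme.txt",
    "https://example.com/index.html",
]


def compare(urls=SAMPLES):
    """Return (url, passes_blocklist, passes_allowlist) for each input."""
    return [(u, blocklist_allows(u), allowlist_allows(u)) for u in urls]


if __name__ == "__main__":
    for url, weak, strong in compare():
        print(f"{url:40} blocklist={'pass' if weak else 'deny'} "
              f"allowlist={'pass' if strong else 'deny'}")
```

The blacklist lets the local_file: URL through because it only matches the literal file: prefix, while the allowlist rejects every scheme it was not told to accept.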
Remediation
References