What is CVE-2019-10160?

CVE-2019-10160 is a critical-severity vulnerability in Python, classified under CWE-172. CVSS score: 9.8/10. Published 2019-06-07.

How severe is CVE-2019-10160?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Python

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2…

EPSS: 0.015 (81.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Python — versions affects 2.7, 3.5, 3.6, 3.7, >= v3.8.0a4 and < v3.8.0b1

Weakness classification (CWE)

CWE-172

References

python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html (x_refsource_MISC)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e (x_refsource_CONFIRM)
github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de (x_refsource_CONFIRM)
github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 (x_refsource_CONFIRM)
github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468 (x_refsource_CONFIRM)
security.netapp.com/advisory/ntap-20190617-0003/ (x_refsource_CONFIRM)
RHSA-2019:1587 (vendor-advisory, x_refsource_REDHAT)
[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update (mailing-list, x_refsource_MLIST)
RHSA-2019:1700 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2019-10160?: CVE-2019-10160 is a critical-severity vulnerability in Python, classified under CWE-172. CVSS score: 9.8/10. Published 2019-06-07.
How severe is CVE-2019-10160?: Critical severity. CVSS v3 base score is 9.8 out of 10.