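Vulnerability details
cpython environment issue vulnerability
Vulnerability summary
cpython is the Python interpreter implemented in C by the Python Foundation.
cpython contains an environment issue vulnerability: an attacker can separate query parameters with a semicolon (;), causing a malicious request to be cached as a completely safe request. The following products and versions are affected: before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2.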
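Added example (not part of the original advisory and not CPython's own code): a check that flags query strings which parse differently depending on whether `;` is treated as a separator, which is the disagreement between cache and application that the summary describes. `urllib.parse.parse_qsl` is the standard-library parser involved; `legacy_parse`, `strict_parse`, `ambiguous`, `runtime_splits_on_semicolon` and `report` are hypothetical names, and the sample query strings are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed sample query strings (not taken from any real traffic).
SAMPLES = [
    "page=2&lang=en",
    "page=2&utm_content=x;page=9",
]

def legacy_parse(query):
    """Hypothetical model of the pre-patch rule: '&' and ';' both split pairs."""
    pairs = []
    for field in re.split(r"[&;]", query):
        if not field:
            continue
        name, _, value = field.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs

def strict_parse(query):
    """Split on '&' only, the view of a cache or proxy that ignores ';'.

    The separator argument exists only on patched interpreters.
    """
    return parse_qsl(query, keep_blank_values=True, separator="&")

def ambiguous(query):
    """True when the two rules disagree, so cache key and application differ."""
    return legacy_parse(query) != strict_parse(query)

def runtime_splits_on_semicolon():
    """True on an unpatched interpreter, where ';' is still a default separator."""
    return len(parse_qsl("a=1;b=2")) == 2

def report(queries):
    """Return (query, flagged) pairs, for log review or a pre-cache check."""
    return [(q, ambiguous(q)) for q in queries]

if __name__ == "__main__":
    print("interpreter splits on ';':", runtime_splits_on_semicolon())
    for query, flagged in report(SAMPLES):
        print("AMBIGUOUS" if flagged else "ok       ", query)
```

Requests flagged as ambiguous are the ones to reject or normalise before they reach a shared cache while unpatched interpreters remain in the fleet.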
Vulnerability advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at:
https://github.com/python/cpython/pull/24297
References
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
Source: MISC
Link: https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20210326-0004/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
Source: GENTOO
Link: https://security.gentoo.org/glsa/202104-04
Source: MLIST
Link: https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
Source: MLIST
Link: http://www.openwall.com/lists/oss-security/2021/02/19/4
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
Source: MLIST
Link: http://www.openwall.com/lists/oss-security/2021/05/01/2
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
Source: MISC
Link: https://github.com/python/cpython/pull/24297
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
Source: MLIST
Link: https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
Source: N/A
Link: https://www.oracle.com//security-alerts/cpujul2021.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: MLIST
Link: https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
Source: MISC
Link: https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164874/Red-Hat-Security-Advisory-2021-4151-06.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162663/Red-Hat-Security-Advisory-2021-1633-01.html
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-23336
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0918
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Python-urllib-data-transit-via-parse-qsl-34588
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1866
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1820
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2711
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1309
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1014
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/161488/Ubuntu-Security-Notice-USN-4742-1.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2180
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162413/Gentoo-Linux-Security-Advisory-202104-04.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163276/Red-Hat-Security-Advisory-2021-2543-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163941/Red-Hat-Security-Advisory-2021-3254-01.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052029
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0666
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2228
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021062703
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021092220
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2904
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1736
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6520474
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0900
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163267/Red-Hat-Security-Advisory-2021-2532-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3820
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021062314
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0990
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1122
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0650
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2021-23336
Affected entities
None at present
Patches
- Fix for the yed environment issue vulnerability<!--2021-2-13-->