{"api_version":"1","generated_at":"2026-04-22T21:02:49+00:00","cve":"CVE-2022-0391","urls":{"html":"https://cve.report/CVE-2022-0391","api":"https://cve.report/api/cve/CVE-2022-0391.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0391","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0391"},"summary":{"title":"CVE-2022-0391","description":"A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-02-09 23:15:00","updated_at":"2023-11-07 03:41:00"},"problem_types":["CWE-74"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/","name":"FEDORA-2022-18ad73aba6","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: python2.7-2.7.18-20.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.python.org/issue43882","name":"https://bugs.python.org/issue43882","refsource":"MISC","tags":[],"title":"Issue 43882: [security] urllib.parse should sanitize urls containing ASCII newline and tabs. - Python tracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202305-02","name":"GLSA-202305-02","refsource":"GENTOO","tags":[],"title":"Python, PyPy3: Multiple Vulnerabilities (GLSA 202305-02) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20220225-0009/","name":"https://security.netapp.com/advisory/ntap-20220225-0009/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-0391 Python Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/","name":"FEDORA-2022-ef99a016f6","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: python2.7-2.7.18-20.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html","name":"[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3575-1] python2.7 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/","name":"FEDORA-2022-ef99a016f6","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: python2.7-2.7.18-20.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/","name":"FEDORA-2022-18ad73aba6","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: python2.7-2.7.18-20.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0391","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0391","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"hci","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"management_services_for_element_software","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap_select_deploy_administration_utility","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire\\,_enterprise_sds_\\&_hci_storage_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"zfs_storage_appliance_kit","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"391","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-0391","qid":"159797","title":"Oracle Enterprise Linux Security Update for python38:3.8 and python38-devel:3.8 (ELSA-2022-1764)"},{"cve":"CVE-2022-0391","qid":"159819","title":"Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2022-1821)"},{"cve":"CVE-2022-0391","qid":"160086","title":"Oracle Enterprise Linux Security Update for python3 (ELSA-2022-6457)"},{"cve":"CVE-2022-0391","qid":"160754","title":"Oracle Enterprise Linux Security Update for python (ELSA-2023-3550)"},{"cve":"CVE-2022-0391","qid":"198714","title":"Ubuntu Security Notification for Python Vulnerabilities (USN-5342-1)"},{"cve":"CVE-2022-0391","qid":"240254","title":"Red Hat Update for python27-python and python27-python-pip (RHSA-2022:1663)"},{"cve":"CVE-2022-0391","qid":"240287","title":"Red Hat Update for python38:3.8 and python38-devel:3.8 (RHSA-2022:1764)"},{"cve":"CVE-2022-0391","qid":"240302","title":"Red Hat Update for python27:2.7 (RHSA-2022:1821)"},{"cve":"CVE-2022-0391","qid":"240663","title":"Red Hat Update for python3 (RHSA-2022:6457)"},{"cve":"CVE-2022-0391","qid":"282346","title":"Fedora Security Update for mingw (FEDORA-2022-7018d21c6b)"},{"cve":"CVE-2022-0391","qid":"282427","title":"Fedora Security Update for python2.7 (FEDORA-2022-18ad73aba6)"},{"cve":"CVE-2022-0391","qid":"282428","title":"Fedora Security Update for python2.7 (FEDORA-2022-ef99a016f6)"},{"cve":"CVE-2022-0391","qid":"296057","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)"},{"cve":"CVE-2022-0391","qid":"353942","title":"Amazon Linux Security Advisory for python : ALAS2-2022-1802"},{"cve":"CVE-2022-0391","qid":"353955","title":"Amazon Linux Security Advisory for python27 : ALAS-2022-1593"},{"cve":"CVE-2022-0391","qid":"377718","title":"Alibaba Cloud Linux Security Update for python3 (ALINUX3-SA-2022:0170)"},{"cve":"CVE-2022-0391","qid":"6000148","title":"Debian Security Update for python2.7 (DLA 3575-1)"},{"cve":"CVE-2022-0391","qid":"671550","title":"EulerOS Security Update for python3 (EulerOS-SA-2022-1582)"},{"cve":"CVE-2022-0391","qid":"671609","title":"EulerOS Security Update for python (EulerOS-SA-2022-1548)"},{"cve":"CVE-2022-0391","qid":"671614","title":"EulerOS Security Update for python2 (EulerOS-SA-2022-1581)"},{"cve":"CVE-2022-0391","qid":"671634","title":"EulerOS Security Update for python3 (EulerOS-SA-2022-1664)"},{"cve":"CVE-2022-0391","qid":"671643","title":"EulerOS Security Update for python3 (EulerOS-SA-2022-1650)"},{"cve":"CVE-2022-0391","qid":"671674","title":"EulerOS Security Update for python (EulerOS-SA-2022-1757)"},{"cve":"CVE-2022-0391","qid":"710714","title":"Gentoo Linux Python, PyPy3 Multiple Vulnerabilities (GLSA 202305-02)"},{"cve":"CVE-2022-0391","qid":"751895","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:0882-1)"},{"cve":"CVE-2022-0391","qid":"751961","title":"OpenSUSE Security Update for python (openSUSE-SU-2022:1091-1)"},{"cve":"CVE-2022-0391","qid":"751976","title":"SUSE Enterprise Linux Security Update for python (SUSE-SU-2022:1140-1)"},{"cve":"CVE-2022-0391","qid":"751979","title":"SUSE Enterprise Linux Security Update for python (SUSE-SU-2022:1091-1)"},{"cve":"CVE-2022-0391","qid":"900691","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (8534)"},{"cve":"CVE-2022-0391","qid":"902044","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (8535)"},{"cve":"CVE-2022-0391","qid":"940499","title":"AlmaLinux Security Update for python27:2.7 (ALSA-2022:1821)"},{"cve":"CVE-2022-0391","qid":"940557","title":"AlmaLinux Security Update for python38:3.8 and python38-devel:3.8 (ALSA-2022:1764)"},{"cve":"CVE-2022-0391","qid":"940653","title":"AlmaLinux Security Update for python3 (ALSA-2022:6457)"},{"cve":"CVE-2022-0391","qid":"960252","title":"Rocky Linux Security Update for python38:3.8 and python38-devel:3.8 (RLSA-2022:1764)"},{"cve":"CVE-2022-0391","qid":"960259","title":"Rocky Linux Security Update for python27:2.7 (RLSA-2022:1821)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-0391","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"python","version":{"version_data":[{"version_value":"python 3.10.0b1, python 3.9.5, python 3.8.11, python 3.7.11, python 3.6.14"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-74"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugs.python.org/issue43882","url":"https://bugs.python.org/issue43882"},{"refsource":"FEDORA","name":"FEDORA-2022-ef99a016f6","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/"},{"refsource":"FEDORA","name":"FEDORA-2022-18ad73aba6","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220225-0009/","url":"https://security.netapp.com/advisory/ntap-20220225-0009/"},{"refsource":"GENTOO","name":"GLSA-202305-02","url":"https://security.gentoo.org/glsa/202305-02"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14."}]}},"nvd":{"publishedDate":"2022-02-09 23:15:00","lastModifiedDate":"2023-11-07 03:41:00","problem_types":["CWE-74"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"391","Ordinal":"227275","Title":"CVE-2022-0391","CVE":"CVE-2022-0391","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"391","Ordinal":"1","NoteData":"A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.","Type":"Description","Title":null},{"CveYear":"2022","CveId":"391","Ordinal":"2","NoteData":"2022-02-09","Type":"Other","Title":"Published"},{"CveYear":"2022","CveId":"391","Ordinal":"3","NoteData":"2022-02-09","Type":"Other","Title":"Modified"}]}}}