Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Oracle HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2022-0391 - Vulnerability Database
Oracle HTTP Server

Oracle HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2022-0391

High
Reference: CVE-2022-0391
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-0391
Title: Oracle HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

A flaw was found in Python specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like 39r39 and 39n39 in the URL path. This flaw allows an attacker to input a crafted URL leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1 3.9.5 3.8.11 3.7.11 and 3.6.14.