PT-2026-3662 · Python+4 · Urllib+4

Published: 2026-01-16 · Updated: 2026-05-19 · CVE-2025-15282

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

Versions prior to 2025-15282

Description

When urllib.request.DataHandler parses a user-controlled data URL, newlines in the data URL mediatype can allow injection of headers. The flaw lies in the parsing of data URLs and can lead to manipulation of HTTP headers.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
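One way to screen untrusted data URLs before they reach a URL opener is to validate the mediatype against the RFC 2397 layout and refuse any control characters in it. This is an added example, not code from the advisory or from CPython; `validate_data_url`, `is_safe_data_url`, `UnsafeDataURL` and the sample URLs are hypothetical names and constructed inputs.

```python
import re
from urllib.parse import unquote

# RFC 2045 "token" characters; RFC 2397 builds the mediatype from these.
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`{|}~-]+"
# [type/subtype] followed by zero or more ;attr[=value] (covers ";base64").
# \Z is used instead of $ because $ also matches before a trailing newline.
_MEDIATYPE = re.compile(rf"(?:{_TOKEN}/{_TOKEN})?(?:;{_TOKEN}(?:={_TOKEN})?)*\Z")


class UnsafeDataURL(ValueError):
    """Raised when a data URL must not be handed to a URL opener."""


def _has_control_chars(text):
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text)


def validate_data_url(url):
    """Return url unchanged if its mediatype is well formed, else raise."""
    scheme, colon, rest = url.partition(":")
    if not colon or scheme.lower() != "data":
        raise UnsafeDataURL("not a data URL")
    mediatype, comma, _data = rest.partition(",")
    if not comma:
        raise UnsafeDataURL("missing ',' between mediatype and data")
    # Reject raw CR/LF and other control characters, and (conservatively)
    # their percent-encoded forms in case a later layer decodes them.
    if _has_control_chars(mediatype) or _has_control_chars(unquote(mediatype)):
        raise UnsafeDataURL("control character in mediatype")
    if not _MEDIATYPE.match(mediatype):
        raise UnsafeDataURL("mediatype is not [type/subtype][;attr=value]")
    return url


def is_safe_data_url(url):
    try:
        validate_data_url(url)
    except UnsafeDataURL:
        return False
    return True


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "data:text/plain;charset=utf-8;base64,aGVsbG8=",
    "data:,hello",
    "data:text/plain\r\nX-Constructed: 1,hello",
    "data:text/plain%0d%0aX-Constructed:1,hello",
]
```

The pattern is deliberately stricter than RFC 2045: quoted-string parameter values and whitespace around `;` are rejected rather than normalised.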

DoS

Weakness Enumeration

Related Identifiers

ALSA-2026:10950
ALSA-2026:19064
ALSA-2026:19177
BDU:2026-05133
BIT-LIBPYTHON-2025-15282
BIT-PYTHON-2025-15282
BIT-PYTHON-MIN-2025-15282
CVE-2025-15282
ECHO-C06A-D4E1-7228
OESA-2026-1458
OESA-2026-1459
OESA-2026-1460
OESA-2026-1461
OPENSUSE-SU-2026:10152-1
OPENSUSE-SU-2026:10200-1
OPENSUSE-SU-2026:10206-1
OPENSUSE-SU-2026:10221-1
OPENSUSE-SU-2026:10222-1
OPENSUSE-SU-2026:10223-1
OPENSUSE-SU-2026:20254-1
PSF-2026-2
RHSA-2026:10950
RHSA-2026:19064
RHSA-2026:19177
RHSA-2026:7443
RHSA-2026:7661
RHSA-2026:8822
RHSA-2026:8824
SUSE-SU-2026:0612-1
SUSE-SU-2026:0613-1
SUSE-SU-2026:0642-1
SUSE-SU-2026:0643-1
SUSE-SU-2026:0644-1
SUSE-SU-2026:0645-1
SUSE-SU-2026:0664-1
SUSE-SU-2026:0693-1
SUSE-SU-2026:0767-1
SUSE-SU-2026:1107-1
SUSE-SU-2026:1117-1
SUSE-SU-2026:1349-1
SUSE-SU-2026:20543-1
SUSE-SU-2026:20581-1
SUSE-SU-2026:20665-1
SUSE-SU-2026:20710-1
SUSE-SU-2026:20768-1
SUSE-SU-2026:20796-1
USN-8018-1
USN-8018-3

Affected Products

Linuxmint
Red Os
Rocky Linux
Ubuntu
Urllib