{"id":"MGASA-2021-0165","summary":"Updated python and python3 packages fix security vulnerability","details":"Updated python and python3 security vulnerability:\n\nThe package python/cpython is vulnerable to Web Cache Poisoning via\nurllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called\nparameter cloaking. When the attacker can separate query parameters using\na semicolon (;), they can cause a difference in the interpretation of the\nrequest between the proxy (running with default configuration) and the\nserver. This can result in malicious requests being cached as completely\nsafe ones, as the proxy would usually not see the semicolon as a separator,\nand therefore would not include it in a cache key of an unkeyed parameter\n(CVE-2021-23336).\n","modified":"2026-04-16T04:43:00.562986305Z","published":"2021-04-02T10:16:21Z","upstream":["CVE-2021-23336"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0165.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28408"},{"type":"WEB","url":"https://blog.python.org/2021/02/python-392-and-388-are-now-available.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/"}],"affected":[{"package":{"name":"python3","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/python3?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.10-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0165.json"}},{"package":{"name":"python","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.18-1.3.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0165.json"}},{"package":{"name":"python3","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python3?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.8-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0165.json"}},{"package":{"name":"python","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.18-7.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0165.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}