Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-15282

Опубликовано: 20 янв. 2026
Источник: debian
EPSS Низкий

Описание

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.14unfixedpackage
python3.13unfixedpackage
python3.11removedpackage
python3.9removedpackage
pypy3unfixedpackage
pypy3no-dsatrixiepackage
pypy3no-dsabookwormpackage
python2.7removedpackage
python2.7end-of-lifebullseyepackage
jythonunfixedpackage
jythonno-dsatrixiepackage
jythonno-dsabookwormpackage
jythonend-of-lifebullseyepackage

Примечания

  • https://github.com/python/cpython/issues/143925

  • https://github.com/python/cpython/pull/143926

  • https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/

  • https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f (main)

EPSS

Процентиль: 24%
0.00081
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-15282

ubuntu
18 дней назад

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

nvd логотип

CVE-2025-15282

nvd
18 дней назад

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

github логотип

GHSA-6rv6-r2f2-gqrc

github
18 дней назад

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

EPSS

Процентиль: 24%
0.00081
Низкий