Description
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPGraphQL Security Bypass (0.2.3)
WordPress Plugin Calendar Event Multi View Security Bypass (1.4.13)
WordPress Plugin Ad Invalid Click Protector (AICP) Malicious Code (1.2.9)
PHP Improper Input Validation Vulnerability (CVE-2014-9653)
WordPress Plugin jQuery Tagline Rotator Cross-Site Scripting (0.1.5)