Arbitrary Argument Injection SNYK-RHEL9-PYTHON3-15760267

## NVD Description
**_Note:_** _Versions mentioned in the description apply only to the upstream `python3` package and not the `python3` package as distributed by `RHEL`._
_See `How to fix?` for `RHEL:9` relevant fixed versions and status._

The webbrowser.open() API would accept leading dashes in the URL which 
could be handled as command line options for certain web browsers. New 
behavior rejects leading dashes. Users are recommended to sanitize URLs 
prior to passing to webbrowser.open().
## Remediation
There is no fixed version for `RHEL:9` `python3`.
## References
- [https://access.redhat.com/security/cve/CVE-2026-4519](https://access.redhat.com/security/cve/CVE-2026-4519)
- [https://github.com/python/cpython/issues/143930](https://github.com/python/cpython/issues/143930)
- [https://github.com/python/cpython/pull/143931](https://github.com/python/cpython/pull/143931)
- [https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/](https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/)
- [http://www.openwall.com/lists/oss-security/2026/03/20/1](http://www.openwall.com/lists/oss-security/2026/03/20/1)
- [https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866](https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866)
- [https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b](https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b)
- [https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76](https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76)
- [https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5](https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5)
- [https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03](https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03)
- [https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48](https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Arbitrary Argument Injection SNYK-RHEL9-PYTHON3-15760267 #8850

NVD Description

Remediation

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Arbitrary Argument Injection SNYK-RHEL9-PYTHON3-15760267 #8850

Description

NVD Description

Remediation

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions