DEBIAN-CVE-2026-4519

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-4519

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-4519

Upstream

CVE-2026-4519

Published

2026-03-20T15:16:24.057Z

Modified

2026-05-16T14:00:59.571358927Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

References

https://security-tracker.debian.org/tracker/CVE-2026-4519

Affected packages

Debian:11

jython

Package

Name: jython
Purl: pkg:deb/debian/jython?arch=source&distro=bullseye

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.2+repack1-3

2.7.2+repack1-4

2.7.2+repack1-5

2.7.3+repack1-1

Ecosystem specific

{
    "urgency": "end-of-life"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source&distro=bullseye

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.5+dfsg-2

7.3.5+dfsg-2+deb11u1

7.3.5+dfsg-2+deb11u2

7.3.5+dfsg-2+deb11u3

7.3.5+dfsg-2+deb11u4

7.3.5+dfsg-2+deb11u5

7.3.6~rc2+dfsg-1

7.3.6~rc2+dfsg-2

7.3.6+dfsg-1

7.3.7+dfsg-1

7.3.7+dfsg-2

7.3.7+dfsg-3

7.3.7+dfsg-4

7.3.7+dfsg-5

7.3.8~rc1+dfsg-1

7.3.8~rc1+dfsg-2

7.3.8+dfsg-1

7.3.8+dfsg-2

7.3.9+dfsg-1

7.3.9+dfsg-2

7.3.9+dfsg-3

7.3.9+dfsg-4

7.3.9+dfsg-5

7.3.10~rc3+dfsg-1

7.3.10~rc3+dfsg-2

7.3.10+dfsg-1

7.3.11+dfsg-1

7.3.11+dfsg-2

7.3.12~rc1+dfsg-1

7.3.12~rc2+dfsg-1

7.3.12+dfsg-1

7.3.13+dfsg-1

7.3.14+dfsg-1

7.3.15+dfsg-1

7.3.16+dfsg-1

7.3.16+dfsg-2

7.3.17+dfsg-1

7.3.17+dfsg-2

7.3.17+dfsg-3

7.3.18+dfsg-1

7.3.18+dfsg-2

7.3.19+dfsg-1

7.3.19+dfsg-2

7.3.20+dfsg-1

7.3.20+dfsg-2

7.3.20+dfsg-3

7.3.20+dfsg-4

7.3.21+dfsg-1

7.3.21+dfsg-2

7.3.21+dfsg-3

7.3.21+dfsg-4

7.3.22+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

python2.7

Package

Name: python2.7
Purl: pkg:deb/debian/python2.7?arch=source&distro=bullseye

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.18-8

2.7.18-8+deb11u1

2.7.18-9

2.7.18-10

2.7.18-11

2.7.18-12

2.7.18-13

2.7.18-13.1~exp1

2.7.18-13.1

2.7.18-13.2

Ecosystem specific

{
    "urgency": "end-of-life"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

python3.9

Package

Name: python3.9
Purl: pkg:deb/debian/python3.9?arch=source&distro=bullseye

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.2-1+deb11u7

Affected versions

3.*

3.9.2-1

3.9.2-1+deb11u1

3.9.2-1+deb11u2

3.9.2-1+deb11u3

3.9.2-1+deb11u4

3.9.2-1+deb11u5

3.9.2-1+deb11u6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

Debian:12

jython

Package

Name: jython
Purl: pkg:deb/debian/jython?arch=source&distro=bookworm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.3+repack1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source&distro=bookworm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.11+dfsg-2

7.3.11+dfsg-2+deb12u1

7.3.11+dfsg-2+deb12u2

7.3.11+dfsg-2+deb12u3

7.3.12~rc1+dfsg-1

7.3.12~rc2+dfsg-1

7.3.12+dfsg-1

7.3.13+dfsg-1

7.3.14+dfsg-1

7.3.15+dfsg-1

7.3.16+dfsg-1

7.3.16+dfsg-2

7.3.17+dfsg-1

7.3.17+dfsg-2

7.3.17+dfsg-3

7.3.18+dfsg-1

7.3.18+dfsg-2

7.3.19+dfsg-1

7.3.19+dfsg-2

7.3.20+dfsg-1

7.3.20+dfsg-2

7.3.20+dfsg-3

7.3.20+dfsg-4

7.3.21+dfsg-1

7.3.21+dfsg-2

7.3.21+dfsg-3

7.3.21+dfsg-4

7.3.22+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

python3.11

Package

Name: python3.11
Purl: pkg:deb/debian/python3.11?arch=source&distro=bookworm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.11.2-6

3.11.2-6+deb12u1

3.11.2-6+deb12u2

3.11.2-6+deb12u3

3.11.2-6+deb12u4

3.11.2-6+deb12u5

3.11.2-6+deb12u6

3.11.2-6+deb12u7

3.11.3-1

3.11.3-2

3.11.4-1

3.11.5-1

3.11.5-2

3.11.5-3

3.11.6-1

3.11.6-2

3.11.6-3~hurd.2

3.11.6-3

3.11.7-1

3.11.7-2

3.11.8-1

3.11.8-1.1~exp1

3.11.8-1.1~exp2

3.11.8-2

3.11.8-3

3.11.8-3+hurd.1

3.11.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

Debian:13

jython

Package

Name: jython
Purl: pkg:deb/debian/jython?arch=source&distro=trixie

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.3+repack1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source&distro=trixie

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.19+dfsg-2

7.3.20+dfsg-1

7.3.20+dfsg-2

7.3.20+dfsg-3

7.3.20+dfsg-4

7.3.21+dfsg-1

7.3.21+dfsg-2

7.3.21+dfsg-3

7.3.21+dfsg-4

7.3.22+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

python3.13

Package

Name: python3.13
Purl: pkg:deb/debian/python3.13?arch=source&distro=trixie

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.13.5-2+deb13u2

Affected versions

3.*

3.13.5-2

3.13.5-2+deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

Debian:14

jython

Package

Name: jython
Purl: pkg:deb/debian/jython?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.3+repack1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.22+dfsg-1

Affected versions

7.*

7.3.19+dfsg-2

7.3.20+dfsg-1

7.3.20+dfsg-2

7.3.20+dfsg-3

7.3.20+dfsg-4

7.3.21+dfsg-1

7.3.21+dfsg-2

7.3.21+dfsg-3

7.3.21+dfsg-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

python3.13

Package

Name: python3.13
Purl: pkg:deb/debian/python3.13?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.13.5-2

3.13.6-1

3.13.7-1

3.13.8-1

3.13.9-1

3.13.11-1

3.13.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"

python3.14

Package

Name: python3.14
Purl: pkg:deb/debian/python3.14?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.14.4-1

Affected versions

3.*

3.14.0~a7-1

3.14.0~b1-1

3.14.0~b2-1

3.14.0~b3-1

3.14.0~b4-1

3.14.0~rc1-1

3.14.0~rc2-1

3.14.0~rc3-1

3.14.0-1

3.14.0-2

3.14.0-3

3.14.0-4

3.14.0-5

3.14.2-1

3.14.3-1

3.14.3-2

3.14.3-3

3.14.3-4

3.14.3-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4519.json"