python is vulnerable to information disclosure. It is because the cookie domain check returns incorrect results.
lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html
lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
access.redhat.com/errata/RHSA-2019:3725
access.redhat.com/errata/RHSA-2019:3948
access.redhat.com/security/updates/classification/#moderate
bugs.python.org/issue35121
bugzilla.redhat.com/show_bug.cgi?id=1709344
bugzilla.redhat.com/show_bug.cgi?id=1749103
lists.debian.org/debian-lts-announce/2019/08/msg00022.html
lists.debian.org/debian-lts-announce/2019/08/msg00040.html
lists.debian.org/debian-lts-announce/2020/07/msg00011.html
lists.fedoraproject.org/archives/list/[email protected]/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/
lists.fedoraproject.org/archives/list/[email protected]/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/
lists.fedoraproject.org/archives/list/[email protected]/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/
python-security.readthedocs.io/vuln/cookie-domain-check.html
security.gentoo.org/glsa/202003-26
usn.ubuntu.com/4127-1/
usn.ubuntu.com/4127-2/
www.oracle.com/security-alerts/cpuapr2020.html