OSV:USN-6139-1 (osv, Google)
Jun 05, 2023 - 4:55 p.m.

python2.7, python3.10, python3.11, python3.5, python3.6, python3.8 vulnerability

2023-06-05 16:55:11
Google
osv.dev
10
python
urls
vulnerability
yebo cao

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.2
Confidence: Low

EPSS: 0.002
Percentile: 52.1%

Yebo Cao discovered that Python incorrectly handled certain URLs.
An attacker could use this issue to bypass blocklisting methods.
This issue was first addressed in USN-5960-1, but that fix was incomplete.
This update provides an additional fix for the issue. (CVE-2023-24329)
