84 matches found
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
CVE-2025-61594
A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers URIs. This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials passwords, from the original URI...
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
CVE-2025-47912
CVE-2025-47912 is addressed in IBM Cloud Pak for Business Automation/IBM Business Automation Workflow container bulletins. The IBM advisories confirm that the vulnerability stems from a parsing flaw in the Parse function: it allows values other than IPv6 addresses to be placed inside square brack...
EUVD-2024-34319
Malicious code in bioql PyPI...
EUVD-2025-1935
Malicious code in bioql PyPI...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1721)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1809)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1676)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1675)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1675)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-1623)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1623)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-1640)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1436)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-1436)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-1435)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid...
BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
BIT-PYTHON-MIN-2025-0938 URL parser allowed square brackets in domain names
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...