GHSA-373W-RJ84-PV6X SafeURL-Python's hostname blocklist does not block FQDNs
Description: If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host, e.g. by adding a trailing "." to it. Impact: The main purpose of this library is to block requests to internal/private IPs, and these cannot be bypassed using this finding. But if a library us...
GHSA-JGH8-VCHW-Q3G7 safeurl-python contains Server-Side Request Forgery
Description: In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended. Impact: The regex used was: re.match("(?i)^%s" % domain, value) This has two problems: first, that only the beginning and n...