12 matches found
EUVD-2023-0298
Malicious code in bioql PyPI...
CVE-2023-24622
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
SafeURL-Python's hostname blocklist does not block FQDNs
Description: If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host, e.g. adding . to the end. Impact: The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library us...
PT-2023-32967 · Pypi · Safeurl-Python
Name of the Vulnerable Software and Affected Versions: safeurl-python affected versions not specified Description: The issue allows bypassing of blacklisted hostnames by requesting the FQDN of the host, for example, by adding a . to the end. This could enable an attacker to circumvent blocks set ...
GHSA-RW83-V3PW-M362 Withdrawn: safeurl-python contains Server-Side Request Forgery
Withdrawn: This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7. Original Description: isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
Withdrawn: safeurl-python contains Server-Side Request Forgery
Withdrawn: This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7. Original Description: isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
CVE-2023-24622
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
Server-side request forgery (SSRF)
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
PYSEC-2023-298
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
CVE-2023-24622
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...
CVE-2023-24622
CVE-2023-24622 affects the safeurl-python package (Python) prior to 1.2. The vulnerability stems from an insufficiently restrictive regular expression in isInList for external domains, enabling server-side request forgery (SSRF). Multiple sources (NVD, Red Hat, OSV, PRION, others) corroborate the...
CVE-2023-24622
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...