54 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in python-django, python2.7

Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parse_qsl” and “urllib.parse.parse_qs”. This vulnerability occurs du...

CVSS 5.9 | AI score 6.9 | EPSS 0.003
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in pypy

Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...

CVSS 9.8 | AI score 6.7 | EPSS 0.08764
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : python3-3.6.8-51.el8.1.ML.1 (AXSA:2023-6176:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6176:05 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 7.5 | AI score 7.2 | EPSS 0.01445
Exploits: 3 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 7 : python-2.7.5-93.0.1.el7.AXS7 (AXSA:2023-6068:37)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6068:37 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 7.5 | AI score 7.6 | EPSS 0.01445
Exploits: 3 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : python3.11-3.11.2-2.el8.1 (AXSA:2023-6179:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6179:02 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 7.5 | AI score 7.6 | EPSS 0.01445
Exploits: 3 | References: 2

Redos
added 2025/12/23 12:0 a.m. | 2 views

ROS-20251223-7324

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVSS 6.3 | AI score 6.8 | EPSS 0.00552
Exploits: 0

Redos
added 2025/12/23 12:0 a.m. | 4 views

ROS-20251223-7323

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVSS 6.3 | AI score 6.8 | EPSS 0.00552
Exploits: 0

Tenable Nessus
added 2025/11/20 12:0 a.m. | 2 views

TencentOS Server 2: unbound (TSSA-2023:0126)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0126 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 7.5 | EPSS 0.01445
Exploits: 3 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-28385

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01445
Exploits: 3 | References: 51

RedHat Linux
added 2025/05/13 8:29 a.m. | 2 views

python: cpython: URL parser allowed square brackets in domain names

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

CVSS 6.3 | AI score 6.2 | EPSS 0.01639
Exploits: 0 | References: 6

Tenable Nessus
added 2025/03/27 12:0 a.m. | 11 views

Amazon Linux 2 : python (ALAS-2025-2797)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2797 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior...

CVSS 7.5 | AI score 6.8 | EPSS 0.01639
Exploits: 1 | References: 12

OSV
added 2025/03/20 10:15 a.m. | 4 views

CVE-2025-0454

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 2

OSV
added 2025/02/21 1:35 p.m. | 3 views

OESA-2025-1148 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 6.3 | AI score 6.8 | EPSS 0.01639
Exploits: 0 | References: 2

CNNVD
added 2024/11/12 12:0 a.m. | 1 view

Python code issue vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python that stems from the urllib.parse.urlsplit function and the urlparse...

CVSS 6.3 | AI score 6.9 | EPSS 0.00552
Exploits: 0 | References: 8

OSV
added 2024/03/06 11:7 a.m. | 37 views

BIT-PYTHON-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

CVSS 5.9 | AI score 7.7 | EPSS 0.003
Exploits: 1 | References: 38

RedHat Linux
added 2023/11/08 8:20 a.m. | 2 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.01445
Exploits: 3 | References: 5

Amazon
added 2023/09/25 12:0 a.m. | 1 view

Medium: python38

Issue Overview: An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 Affected Packages: python38 Note: This advisory is applicable to Amazon Linux 2 - Python3.8 Extra. Vis...

CVSS 7.5 | AI score 7 | EPSS 0.01445
Exploits: 3

NCSC
added 2023/08/14 12:0 a.m. | 2 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. In addition to the vulnerabilities in OpenSSL, for which the NCSC has published previous security advisories, a vulnerability has also been fixed in the urllib.parse component. Because proper input validation does not take place, it is possible...

CVSS 7.5 | AI score 6.9 | EPSS 0.91789
Exploits: 5

RedHat Linux
added 2023/07/26 9:57 a.m. | 3 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.01445
Exploits: 3 | References: 5

OSV
added 2023/07/21 1:34 p.m. | 13 views

SUSE-SU-2023:2937-1 Security update for python311

This update for python311 fixes the following issues: python was updated to version 3.11.4: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. - CVE-2007-4559: Fixed python tarfile module directory traversal...

CVSS 9.8 | AI score 7.8 | EPSS 0.89361
Exploits: 6 | References: 5