Astra Linux - уязвимость в python3.7, python2.7

A issue in the urllib.parse component of Python prior to version 3.11.4 allows attackers to bypass blocklisting methods by providing a URL that starts with blank characters...

BIT-LIBPYTHON-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

BIT-LIBPYTHON-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

Linux Distros Unpatched Vulnerability : CVE-2023-24329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank...

Python Improper Input Validation Vulnerability (Jan 2025) - Mac OS X

Python is prone to an improper input validation vulnerability in the urllib.parse.urlsplit and urlparse standard functions. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

BIT-PYTHON-MIN-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVE-2024-11168

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

CVE-2024-11168 Improper validation of IPv6 and IPvFuture addresses

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

CVE-2024-11168 Improper validation of IPv6 and IPvFuture addresses

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

CVE-2024-11168

CVE-2024-11168 affects CPython’s urllib.parse.urlsplit/urlparse, where bracketed hosts ([]) were not validated per RFC 3986, allowing non-IPv6/Future hosts and potentially enabling SSRF if a URL is processed by multiple parsers. Affected components are the Python standard library’s URL parsing fu...

Fedora: Security Advisory (FEDORA-2024-6dedbc5cf9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-f7f36c20a2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.423)

The version of AHV installed on the remote host is prior to 20220304.423. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.423 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.441)

The version of AHV installed on the remote host is prior to 20220304.441. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.441 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by...

Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2024-2292)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-202405-01 : Python, PyPy3: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-01 Python, PyPy3: Multiple Vulnerabilities - An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the...

Updated python python3 packages fix security vulnerabilities

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

BIT-PYTHON-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

BIT-PYTHON-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

CentOS 9 : python3.11-3.11.4-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.11-3.11.4-1.el9 build changelog. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts...