58 matches found
CVE-2026-25673
Django is affected in multiple supported branches: 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. The issue arises in URLField.to_python(), where urllib.parse.urlsplit() performs NFKC normalization on Windows, causing excessive processing time for certain Unicode characters and enabl...
CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
MiracleLinux 4 : python-2.6.6-68.0.1.AXS4 (AXSA:2019-3919:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3919:02 advisory. python: Information Disclosure due to urlsplit improper NFKC normalization CVE-2019-9636 Tenable has extracted the preceding description block directly from...
ROS-20251223-7322
A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...
ROS-20251223-7321
A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...
ROS-20251223-7324
A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...
ROS-20251223-7323
A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...
EUVD-2024-34319
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-11168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1786)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1809)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This...
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
Medium: python3.9
Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...
CLSA-2025-1741635940 python3: Fix of 2 CVEs
CVE-2024-11168: fix improper validation of bracketed hosts in urllib.parse.urlsplit and urlparse functions - CVE-2025-0938: fix incomplete algorithm of validating hosts by disallowing square brackets in domain names...
CLSA-2025-1741635599 python3: Fix of 2 CVEs
CVE-2024-11168: fix improper validation of bracketed hosts in urllib.parse.urlsplit and urlparse functions - CVE-2025-0938: fix incomplete algorithm of validating hosts by disallowing square brackets in domain names...
Security update for python
This update for python fixes the following issues: CVE-2025-0938: functions urllib.parse.urlsplit and urlparse accept domain names including square brackets bsc1236705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for python
This update for python fixes the following issues: CVE-2025-0938: functions urllib.parse.urlsplit and urlparse accept domain names including square brackets bsc1236705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
SUSE CVE-2025-0938
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
OESA-2025-1028 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2025-1027 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...