62 matches found
BIT-PYTHON-2024-11168 Improper validation of IPv6 and IPvFuture addresses
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
python: Improper validation of IPv6 and IPvFuture addresses
A flaw was found in Python. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is...
SUSE CVE-2024-11168
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
AZL-53016 CVE-2024-11168 affecting package python3 for versions less than 3.9.19-7
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
DEBIAN-CVE-2024-11168
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
CVE-2024-11168
CVE-2024-11168 affects CPython’s urllib.parse.urlsplit/urlparse, where bracketed hosts ([]) were not validated per RFC 3986, allowing non-IPv6/Future hosts and potentially enabling SSRF if a URL is processed by multiple parsers. Affected components are the Python standard library’s URL parsing fu...
Python code issue vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python that stems from the urllib.parse.urlsplit function and the urlparse...
python: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...
CLSA-2023-1689886440 python: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...
CLSA-2023-1689886120 python: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...
CLSA-2023-1689885970 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: Start stripping C0 control and space chars in urlsplit - CVE-2023-24329...
CLSA-2023-1689885838 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2-v2.7.patch: Start stripping C0 control and space chars in urlsplit - debian/patches/CVE-2023-24329-v2.7.patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character...
CLSA-2023-1689885583 python3: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit...
CLSA-2023-1689885378 python2: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...
CLSA-2023-1689885237 python3: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit...
CLSA-2023-1689885005 python2: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...
CLSA-2023-1687469630 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in urlsplit - CVE-2023-24329...
CLSA-2023-1687469528 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in urlsplit - CVE-2023-24329...
Malicious code in urlsplit (PyPI)
Source: checkmarx (bf377809debc50d8a2d133b1698a4cfcf50da74cdb4bb825ee6de16896453a58). EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-7798 Malicious code in urlsplit (PyPI)
Source: checkmarx (bf377809debc50d8a2d133b1698a4cfcf50da74cdb4bb825ee6de16896453a58). EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...