7 matches found
MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2023-6216:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6216:01 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2023-6215:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6215:01 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...
CLSA-2023-1687469630 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in urlsplit - CVE-2023-24329...
CLSA-2023-1687469528 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in urlsplit - CVE-2023-24329...
CLSA-2023-1678820490 python3: Fix of CVE-2023-24329
CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...
CLSA-2023-1678136704 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: Improper input validation - debian/patches/CVE-2023-24329-v2.7.patch: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character - CVE-2023-24329...
SUSE CVE-2023-24329
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...