Veracode Vulnerability Database: VERACODE:24489
History: Apr 10, 2020 - 12:55 a.m.

Denial Of Service (DoS)

2020-04-10 00:55:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

EPSS: 0.136

Percentile: 95.6%

Python is vulnerable to denial of service (DoS). A flaw in the Python urllib and urllib2 libraries meant that they did not differentiate between target URL types when handling automatic redirects, so Python applications using these modules would follow any new URL that they understood, including the "file://" URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
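The redirect behaviour described above can be constrained in application code by checking the scheme of every redirect target before it is followed. The following is an added example, not code from Veracode or from the Python fix; it assumes Python 3's `urllib.request`, and the names `SchemeCheckedRedirectHandler`, `safe_opener` and `redirect_allowed` and the `example.test` URLs are hypothetical.

```python
import urllib.error
import urllib.request
from email.message import Message
from urllib.parse import urljoin, urlsplit

# Assumption: the application only ever needs to follow web redirects.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


class SchemeCheckedRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Hypothetical handler: refuse any redirect whose target is not http(s)."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        scheme = urlsplit(newurl).scheme.lower()
        if scheme not in ALLOWED_REDIRECT_SCHEMES:
            # Surface the block as an HTTP error instead of opening the target.
            raise urllib.error.HTTPError(
                req.full_url, code,
                "redirect to disallowed scheme %r blocked" % scheme,
                headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def safe_opener():
    """Opener whose redirect handling is replaced by the checked handler."""
    return urllib.request.build_opener(SchemeCheckedRedirectHandler)


def redirect_allowed(location, origin="http://example.test/start"):
    """Run a constructed Location value through the handler without network I/O."""
    handler = SchemeCheckedRedirectHandler()
    req = urllib.request.Request(origin)
    # urllib resolves relative Location values against the request URL
    # before calling redirect_request, so do the same here.
    target = urljoin(origin, location)
    try:
        handler.redirect_request(req, None, 302, "Found", Message(), target)
    except urllib.error.HTTPError:
        return False
    return True


if __name__ == "__main__":
    # Constructed Location header values, not taken from a real server.
    for loc in ("https://example.test/next", "/relative/path",
                "file:///etc/passwd", "ftp://example.test/pub/file"):
        print(loc, "->", "follow" if redirect_allowed(loc) else "blocked")
```

Use `safe_opener().open(url)` in place of `urllib.request.urlopen(url)` so that every redirect in a chain passes through the check.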
