[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-24329Date: (C)2023-02-21   (M)2024-04-19


An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score :
Exploit Score: 3.9Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: NONEAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: NONEAvailability:
Integrity: HIGH 
Availability: NONE 
  
Reference:
FEDORA-2023-03599274db
FEDORA-2023-1092538441
FEDORA-2023-2b25dd2a11
FEDORA-2023-309cadedc6
FEDORA-2023-31888c4781
FEDORA-2023-401947eb94
FEDORA-2023-406c1c6ed7
FEDORA-2023-56cefa23df
FEDORA-2023-63c69aa712
FEDORA-2023-690e150a39
FEDORA-2023-81bb8e3b99
FEDORA-2023-953c2607d8
FEDORA-2023-96aa33f0d3
FEDORA-2023-994ecd7dbc
FEDORA-2023-acdfd145f2
FEDORA-2023-b3a3df39dd
FEDORA-2023-b854908745
FEDORA-2023-d294ef140e
FEDORA-2023-d8b0003ecd
FEDORA-2023-dd526ed2e4
FEDORA-2023-f52390b9d2
VU#127587
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
https://github.com/python/cpython/issues/102153
https://github.com/python/cpython/pull/99421
https://pointernull.com/security/python-url-parse-problem.html
https://security.netapp.com/advisory/ntap-20230324-0004/

CPE    1
cpe:/a:python:python
CWE    1
CWE-20
OVAL    85
oval:org.secpod.oval:def:97737
oval:org.secpod.oval:def:19500586
oval:org.secpod.oval:def:708482
oval:org.secpod.oval:def:206034
...

© SecPod Technologies