BIT-libpython-2026-4519

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2026-4519.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-libpython-2026-4519

Withdrawn

2026-03-27T08:47:34.489530Z

Published

2026-03-25T08:44:11.251Z

Modified

2026-03-27T08:56:26.348092395Z

Summary

webbrowser.open() allows leading dashes in URLs

Details

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / libpython

Package

Name: libpython
Purl: pkg:bitnami/libpython

Severity

7.0 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2026-4519.json"