CVE-2023-24329

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-24329

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24329.json

Aliases

Related

Withdrawn

2024-05-15T05:34:07.198020Z

Published

2023-02-17T15:15:12Z

Modified

2023-12-06T01:02:51.879638Z

Summary

[none]

Details

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

b494f5935c92951e75597bfe1c8b1f3112fec270

Fixed

b4e48a444ea02921ce4b701fe165e6cfd4cf5845

Introduced

9cf6752276e6fcfd0c23fdb064ad27f448aaaf75

Introduced

fa919fdf2583bdfead1df00e842f24f30b2a34bf

Introduced

deaf509e8fc6e0363bd6f26d52ad42f976ec42f2

Affected versions

v3.*

v3.10.0

v3.10.1

v3.10.10

v3.10.11

v3.10.2

v3.10.3

v3.10.4

v3.10.5

v3.10.6

v3.10.7

v3.10.8

v3.10.9