Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-24329

Опубликовано: 17 фев. 2023
Источник: debian
EPSS Низкий

Описание

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.11fixed3.11.4-1package
python3.11fixed3.11.2-6+deb12u2bookwormpackage
python3.9removedpackage
python3.7removedpackage
python3.7ignoredbusterpackage
python2.7removedpackage
python2.7fixed2.7.18-8+deb11u1bullseyepackage
pypy3fixed7.3.12+dfsg-1package
pypy3fixed7.3.11+dfsg-2+deb12u2bookwormpackage
pypy3no-dsabusterpackage

Примечания

  • https://pointernull.com/security/python-url-parse-problem.html

  • https://github.com/python/cpython/pull/99421

  • https://github.com/python/cpython/pull/99446 (backport for 3.11 branch)

  • https://github.com/python/cpython/commit/439b9cfaf43080e91c4ad69f312f21fa098befc7 (v3.12.0a2)

  • https://github.com/python/cpython/commit/72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 (v3.11.1)

  • The change linked above does not seem to fix the CVE:

  • https://github.com/python/cpython/issues/102153

  • https://github.com/python/cpython/pull/104575 (3.11)

  • https://github.com/python/cpython/pull/104592 (3.11, 3.10)

  • https://github.com/python/cpython/pull/104593 (3.9)

  • https://github.com/python/cpython/commit/2f630e1ce18ad2e07428296532a68b11dc66ad10 (v3.12.0b1)

  • https://github.com/python/cpython/commit/610cc0ab1b760b2abaac92bd256b96191c46b941 (v3.11.4)

  • https://github.com/python/cpython/commit/f48a96a28012d28ae37a2f4587a780a5eb779946 (v3.10.12)

  • https://github.com/python/cpython/commit/d7f8a5fe07b0ff3a419ccec434cc405b21a5a304 (v3.9.17)

EPSS

Процентиль: 77%
0.0105
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-24329

CVSS3: 7.5
ubuntu
больше 2 лет назад

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

redhat логотип

CVE-2023-24329

CVSS3: 7.5
redhat
больше 2 лет назад

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

nvd логотип

CVE-2023-24329

CVSS3: 7.5
nvd
больше 2 лет назад

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

msrc логотип

CVE-2023-24329

CVSS3: 7.5
msrc
больше 2 лет назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2023:2639-1

suse-cvrf
почти 2 года назад

Security update for python

EPSS

Процентиль: 77%
0.0105
Низкий