Описание
Withdrawn: safeurl-python contains Server-Side Request Forgery
Withdrawn
This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7.
Original Description
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.
Пакеты
Наименование
safeurl-python
pip
Затронутые версииВерсия исправления
< 1.2
1.2
5.3 Medium
CVSS3
Дефекты
CWE-918
5.3 Medium
CVSS3
Дефекты
CWE-918