
CVE-2024-11168

Published: 12 Nov 2024
Source: redhat
CVSS3: 3.7
EPSS: Low

Description

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts ([]), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

A flaw was found in Python. The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts ([]), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.
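A strict check of the bracketed-host rule described above, written as an added example (not code from Python, Red Hat or this page). The names `strict_host` and `bracketed_host_ok` are hypothetical and the sample URLs are constructed; the check is meant to run before a URL is handed to any parser, so a non-conformant bracketed host is rejected up front.

```python
import ipaddress
import re

# RFC 3986 section 3.2.2:
# IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9._~!$&'()*+,;=:-]+")
_AUTHORITY = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)")


def bracketed_host_ok(inner: str) -> bool:
    """True if the text between '[' and ']' is an IPv6 or IPvFuture literal."""
    if _IPVFUTURE.fullmatch(inner):
        return True
    try:
        ipaddress.IPv6Address(inner)
    except ValueError:
        return False
    return True


def strict_host(url: str) -> str:
    """Return the host of url, raising ValueError on a malformed bracketed host."""
    m = _AUTHORITY.match(url)
    if m is None:
        raise ValueError("no authority component")
    hostport = m.group(1).rpartition("@")[2]  # drop userinfo
    if "[" not in hostport and "]" not in hostport:
        return hostport.partition(":")[0]
    if not hostport.startswith("[") or "]" not in hostport:
        raise ValueError("misplaced bracket in host")
    inner, _, rest = hostport[1:].partition("]")
    if rest and not re.fullmatch(r":[0-9]*", rest):
        raise ValueError("unexpected text after bracketed host")
    if not bracketed_host_ok(inner):
        raise ValueError(f"bracketed host is not IPv6 or IPvFuture: {inner!r}")
    return inner


if __name__ == "__main__":
    # Constructed sample URLs; hosts and addresses are placeholders.
    for url in ("http://[2001:db8::1]:8080/", "http://[v1.fe80::a+en1]/",
                "http://[example.com]/", "http://[127.0.0.1]/"):
        try:
            print(url, "->", strict_host(url))
        except ValueError as exc:
            print(url, "-> rejected:", exc)
```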

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | python3.12 | Not affected | | |
| Red Hat Enterprise Linux 8 | python3.11 | Not affected | | |
| Red Hat Enterprise Linux 8 | python3.12 | Not affected | | |
| Red Hat Enterprise Linux 9 | python3.11 | Not affected | | |
| Red Hat Enterprise Linux 9 | python3.12 | Not affected | | |
| Red Hat Enterprise Linux 8 | python3 | Fixed | RHSA-2024:10779 | 04.12.2024 |
| Red Hat Enterprise Linux 8 | python39 | Fixed | RHSA-2025:23530 | 18.12.2025 |
| Red Hat Enterprise Linux 8 | python39-devel | Fixed | RHSA-2025:23530 | 18.12.2025 |
| Red Hat Enterprise Linux 8 | python3 | Fixed | RHSA-2024:10779 | 04.12.2024 |
| Red Hat Enterprise Linux 9 | python3.9 | Fixed | RHSA-2024:10983 | 12.12.2024 |


Additional information

Status: Moderate
Defect: CWE-1287
https://bugzilla.redhat.com/show_bug.cgi?id=2325776 python: Improper validation of IPv6 and IPvFuture addresses

EPSS

Percentile: 68%
0.00552
Low

3.7 Low

CVSS3

Related vulnerabilities

CVSS3: 3.7
ubuntu
more than 1 year ago

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

CVSS3: 3.7
nvd
more than 1 year ago

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

CVSS3: 3.7
msrc
about 1 month ago

Improper validation of IPv6 and IPvFuture addresses

CVSS3: 3.7
debian
more than 1 year ago

The urllib.parse.urlsplit() and urlparse() functions improperly valida ...

suse-cvrf
12 months ago

Security update for python3
