Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-11168

Опубликовано: 12 нояб. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 3.7

Описание

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts ([]), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

РелизСтатусПримечание
devel

DNE

esm-apps/focal

released

2.7.18-1~20.04.7+esm6
esm-apps/jammy

released

2.7.18-13ubuntu1.5+esm5
esm-infra-legacy/trusty

released

2.7.6-8ubuntu0.6+esm24
esm-infra/bionic

released

2.7.17-1~18.04ubuntu1.13+esm10
esm-infra/xenial

released

2.7.12-1ubuntu0~16.04.18+esm15
focal

ignored

end of standard support, was needed
jammy

needed

noble

DNE

oracular

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

released

3.10.12-1~22.04.8
noble

DNE

oracular

DNE

plucky

DNE

upstream

released

3.10.16

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/jammy

released

3.11.0~rc1-1~22.04.1~esm2
esm-infra/focal

DNE

focal

DNE

jammy

needed

noble

DNE

oracular

DNE

plucky

DNE

upstream

released

3.11.4

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

not-affected

3.12.3-1
oracular

not-affected

3.12.7-1
plucky

DNE

upstream

released

3.12.0b1

Показывать по

РелизСтатусПримечание
devel

not-affected

3.13.0-2
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

not-affected

3.13.0-1
plucky

not-affected

3.13.0-2
upstream

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

released

3.4.3-1ubuntu1~14.04.7+esm14
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

trusty/esm

ignored

end of ESM support, was deferred [2024-11-18]
upstream

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

released

3.5.2-2ubuntu0~16.04.4~14.04.1+esm4
esm-infra/focal

DNE

esm-infra/xenial

released

3.5.2-2ubuntu0~16.04.13+esm16
focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

trusty/esm

ignored

end of ESM support, was deferred [2024-11-18]

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

released

3.6.9-1~18.04ubuntu1.13+esm3
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

released

3.7.5-2ubuntu1~18.04.2+esm4
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

released

3.8.0-3ubuntu1~18.04.2+esm3
esm-infra/focal

not-affected

3.8.10-0ubuntu1~20.04.14
focal

released

3.8.10-0ubuntu1~20.04.14
jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/focal

released

3.9.5-3ubuntu0~20.04.1+esm3
focal

ignored

end of standard support, was needed
jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

released

3.9.21

Показывать по

Ссылки на источники

EPSS

Процентиль: 42%
0.00198
Низкий

3.7 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-11168

CVSS3: 3.7
redhat
7 месяцев назад

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

nvd логотип

CVE-2024-11168

CVSS3: 3.7
nvd
7 месяцев назад

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

msrc логотип

CVE-2024-11168

CVSS3: 3.7
msrc
7 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-11168

CVSS3: 3.7
debian
7 месяцев назад

The urllib.parse.urlsplit() and urlparse() functions improperly valida ...

suse-cvrf логотип

SUSE-SU-2025:1056-1

suse-cvrf
3 месяца назад

Security update for python3

EPSS

Процентиль: 42%
0.00198
Низкий

3.7 Low

CVSS3

Уязвимость CVE-2024-11168