all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329

Add to bookmarks
Aug. 11, 2023, 10:22 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


urllib.parse is a very basic and widely used basic URL parsing function in various applications.


Description


An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.


urlparse has a parsing problem when the entire URL starts with blank characters. This problem affects both the parsing of hostname and scheme, and eventually causes any blocklisting methods to fail.


URL Parsing Security *


The urlsplit() and …

applications attackers basic blocklisting bypass characters cve error function issue parsing problem python url

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 1 week ago | kb.cert.org
abuse access attacker baseboard management controller +17
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 1 week, 1 day ago | kb.cert.org
arbitrary code arbitrary code execution attacker can +15
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 3 weeks ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 3 weeks, 6 days ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 4 weeks ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 2 weeks ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 3 weeks ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months ago | kb.cert.org
app attacks bluetooth called +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Network Security Analyst

@ Wiz | Tel Aviv
View on infosec-jobs.com

Penetration Testing Staff Engineer- Turkey Remote

@ SonicWall | Istanbul, Istanbul, Türkiye
View on infosec-jobs.com

Physical Security Engineer

@ Microsoft | Atlanta, Georgia, United States
View on infosec-jobs.com

Junior Security Consultant (m/w/d)

@ Deutsche Telekom | Berlin, Deutschland
View on infosec-jobs.com

Senior Cybersecurity Product Specialist - Security Endpoint Protection

@ Pacific Gas and Electric Company | San Ramon, CA, US, 94583
View on infosec-jobs.com

Security Engineer, Pre-Sales (PA/NJ)

@ Vectra | US - South New Jersey, US - Pennsylvania
View on infosec-jobs.com
View more jobs