VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
urllib.parse is a very basic and widely used URL parsing function in various applications.
Description
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
urlparse has a parsing problem when the entire URL starts with blank characters. This problem affects both the parsing of hostname and scheme, and eventually causes any blocklisting methods to fail.
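An added example, not code from the CERT note or from CPython: a blocklist check that trusts urlsplit() on raw input, next to one that fails closed on leading blank characters so its verdict does not depend on the interpreter version. The blocklist contents, sample hosts and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklists for illustration (assumptions, not from the advisory).
BLOCKED_SCHEMES = {"file", "gopher"}
BLOCKED_HOSTS = {"blocked.example"}

# Space and the C0 control characters (0x00-0x20): the "blank characters"
# that must not be allowed to sit in front of the scheme.
_LEADING_BLANKS = "".join(chr(c) for c in range(0x21))


def naive_is_blocked(url):
    """Blocklist check that trusts urlsplit() on raw input.

    On an affected interpreter a URL with leading blanks parses with an
    empty scheme and no hostname, so neither comparison matches and the
    URL is treated as not blocked.
    """
    parts = urlsplit(url)
    return parts.scheme in BLOCKED_SCHEMES or parts.hostname in BLOCKED_HOSTS


def hardened_is_blocked(url):
    """Fail-closed variant: anything unusual is treated as blocked."""
    # Reject input with leading blanks instead of relying on the parser.
    if url != url.lstrip(_LEADING_BLANKS):
        return True
    try:
        parts = urlsplit(url)
    except ValueError:
        return True  # unparseable input is never let through
    # A URL that does not yield both a scheme and a host cannot be checked
    # against the lists, so it is blocked rather than allowed.
    if not parts.scheme or not parts.hostname:
        return True
    return parts.scheme in BLOCKED_SCHEMES or parts.hostname in BLOCKED_HOSTS


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["https://blocked.example/x", " https://blocked.example/x",
                   "\tfile:///tmp/x", "https://allowed.example/"]:
        print(repr(sample), naive_is_blocked(sample), hardened_is_blocked(sample))
```

The output of naive_is_blocked() for the inputs with leading blanks differs between affected and fixed interpreters; hardened_is_blocked() returns the same result on both.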
URL Parsing Security *
The urlsplit()
and …