An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01436.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
python-0:2.6.6-69.el6_10 cpe:/o:redhat:rhel_els:6 RHSA-2023:3550 2023-06-08T00:00:00Z
Red Hat Enterprise Linux 7
python-0:2.7.5-93.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2023:3555 2023-06-09T00:00:00Z
python3-0:3.6.8-19.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2023:3556 2023-06-09T00:00:00Z
Red Hat Enterprise Linux 8
python3-0:3.6.8-51.el8_8.1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3591 2023-06-14T00:00:00Z
python3.11-0:3.11.2-2.el8_8.1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3594 2023-06-14T00:00:00Z
python27:2.7-8080020230609134836.392b0bf1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3780 2023-06-22T00:00:00Z
python38:3.8-8080020230531142020.a822e92f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3781 2023-06-22T00:00:00Z
python38-devel:3.8-8080020230531142020.a822e92f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3781 2023-06-22T00:00:00Z
python39:3.9-8080020230531142208.93c2fc2f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3811 2023-06-27T00:00:00Z
python39-devel:3.9-8080020230531142208.93c2fc2f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3811 2023-06-27T00:00:00Z
python3-0:3.6.8-51.el8_8.1 cpe:/o:redhat:enterprise_linux:8 RHSA-2023:3591 2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
python27:2.7-8010020230614130243.208b345f cpe:/a:redhat:rhel_e4s:8.1 RHSA-2023:3932 2023-06-29T00:00:00Z
python3-0:3.6.8-15.1.el8_1.1 cpe:/a:redhat:rhel_e4s:8.1 RHSA-2023:3936 2023-06-29T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
python27:2.7-8020020230614130117.c9f5743f cpe:/a:redhat:rhel_aus:8.2 RHSA-2023:3777 2023-06-22T00:00:00Z
python3-0:3.6.8-24.el8_2.1 cpe:/a:redhat:rhel_aus:8.2 RHSA-2023:3935 2023-06-29T00:00:00Z
python38:3.8-8020020230628091203.8c0020b9 cpe:/a:redhat:rhel_aus:8.2 RHSA-2023:4038 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
python27:2.7-8020020230614130117.c9f5743f cpe:/a:redhat:rhel_tus:8.2 RHSA-2023:3777 2023-06-22T00:00:00Z
python3-0:3.6.8-24.el8_2.1 cpe:/a:redhat:rhel_tus:8.2 RHSA-2023:3935 2023-06-29T00:00:00Z
python38:3.8-8020020230628091203.8c0020b9 cpe:/a:redhat:rhel_tus:8.2 RHSA-2023:4038 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
python27:2.7-8020020230614130117.c9f5743f cpe:/a:redhat:rhel_e4s:8.2 RHSA-2023:3777 2023-06-22T00:00:00Z
python3-0:3.6.8-24.el8_2.1 cpe:/a:redhat:rhel_e4s:8.2 RHSA-2023:3935 2023-06-29T00:00:00Z
python38:3.8-8020020230628091203.8c0020b9 cpe:/a:redhat:rhel_e4s:8.2 RHSA-2023:4038 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
python27:2.7-8040020230613113051.7c6da464 cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:3931 2023-06-29T00:00:00Z
python3-0:3.6.8-39.el8_4.2 cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:3934 2023-06-29T00:00:00Z
python39:3.9-8040020230614130711.63cd9eba cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:4004 2023-07-10T00:00:00Z
python38:3.8-8040020230626111739.6dfe838a cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:4008 2023-07-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
python27:2.7-8040020230613113051.7c6da464 cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:3931 2023-06-29T00:00:00Z
python3-0:3.6.8-39.el8_4.2 cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:3934 2023-06-29T00:00:00Z
python39:3.9-8040020230614130711.63cd9eba cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:4004 2023-07-10T00:00:00Z
python38:3.8-8040020230626111739.6dfe838a cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:4008 2023-07-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
python27:2.7-8040020230613113051.7c6da464 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:3931 2023-06-29T00:00:00Z
python3-0:3.6.8-39.el8_4.2 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:3934 2023-06-29T00:00:00Z
python39:3.9-8040020230614130711.63cd9eba cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:4004 2023-07-10T00:00:00Z
python38:3.8-8040020230626111739.6dfe838a cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:4008 2023-07-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
python39:3.9-8060020230614130816.6a631399 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3776 2023-06-22T00:00:00Z
python39-devel:3.9-8060020230614130816.6a631399 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3776 2023-06-22T00:00:00Z
python3-0:3.6.8-47.el8_6.1 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3796 2023-06-26T00:00:00Z
python27:2.7-8060020230612150703.2aa69ce4 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3810 2023-06-27T00:00:00Z
python38:3.8-8060020230627164849.e505919a cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:4032 2023-07-12T00:00:00Z
python38-devel:3.8-8060020230627164849.e505919a cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:4032 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 9
python3.11-0:3.11.2-2.el9_2.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:3585 2023-06-14T00:00:00Z
python3.9-0:3.9.16-1.el9_2.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:3595 2023-06-14T00:00:00Z
python3.9-0:3.9.16-1.el9_2.1 cpe:/o:redhat:enterprise_linux:9 RHSA-2023:3595 2023-06-14T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
python3.9-0:3.9.10-4.el9_0.1 cpe:/a:redhat:rhel_eus:9.0 RHSA-2023:4203 2023-07-18T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-python38-python-0:3.8.18-2.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2023:6793 2023-11-08T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.5.3-202307191258_8.6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2023:4282 2023-07-26T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Fedoraproject Subscribe
Fedora Subscribe
Netapp Subscribe
Active Iq Unified Manager Subscribe
Management Services For Element Software Subscribe
Management Services For Netapp Hci Subscribe
Ontap Select Deploy Administration Utility Subscribe
Python Subscribe
Python Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Rhel Aus Subscribe
Rhel E4s Subscribe
Rhel Els Subscribe
Rhel Eus Subscribe
Rhel Software Collections Subscribe
Rhel Tus Subscribe
Rhev Hypervisor Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3575-1 python2.7 security update
Debian DLA Debian DLA DLA-3948-1 pypy3 security update
Debian DLA Debian DLA DLA-3980-1 python3.9 security update
EUVD EUVD EUVD-2023-28385 An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Ubuntu USN Ubuntu USN USN-5888-1 Python vulnerabilities
Ubuntu USN Ubuntu USN USN-5960-1 Python vulnerability
Ubuntu USN Ubuntu USN USN-6139-1 Python vulnerability
Ubuntu USN Ubuntu USN USN-6891-1 Python vulnerabilities
Ubuntu USN Ubuntu USN USN-7180-1 Python vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/python/cpython/issues/102153 cve-icon cve-icon
https://github.com/python/cpython/pull/99421 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html cve-icon
https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-24329 cve-icon
https://pointernull.com/security/python-url-parse-problem.html cve-icon cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20230324-0004/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-24329 cve-icon
https://www.kb.cert.org/vuls/id/127587 cve-icon cve-icon
History

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 18 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-11-03T21:47:22.781Z

Reserved: 2023-01-23T00:00:00.000Z

Link: CVE-2023-24329

cve-icon Vulnrichment

Updated: 2025-11-03T21:47:22.781Z

cve-icon NVD

Status : Modified

Published: 2023-02-17T15:15:12.243

Modified: 2025-11-03T22:16:05.300

Link: CVE-2023-24329

cve-icon Redhat

Severity : Important

Publid Date: 2023-02-17T00:00:00Z

Links: CVE-2023-24329 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses