An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Netapp
  • Active Iq Unified Manager
  • Management Services For Element Software
  • Management Services For Netapp Hci
  • Ontap Select Deploy Administration Utility
Python
  • Python
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Software Collections
  • Rhel Tus
  • Rhev Hypervisor

Configuration 1 [-]

OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
python-0:2.6.6-69.el6_10 cpe:/o:redhat:rhel_els:6 RHSA-2023:3550 2023-06-08T00:00:00Z
Red Hat Enterprise Linux 7
python-0:2.7.5-93.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2023:3555 2023-06-09T00:00:00Z
python3-0:3.6.8-19.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2023:3556 2023-06-09T00:00:00Z
Red Hat Enterprise Linux 8
python3-0:3.6.8-51.el8_8.1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3591 2023-06-14T00:00:00Z
python3.11-0:3.11.2-2.el8_8.1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3594 2023-06-14T00:00:00Z
python27:2.7-8080020230609134836.392b0bf1 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3780 2023-06-22T00:00:00Z
python38:3.8-8080020230531142020.a822e92f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3781 2023-06-22T00:00:00Z
python38-devel:3.8-8080020230531142020.a822e92f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3781 2023-06-22T00:00:00Z
python39:3.9-8080020230531142208.93c2fc2f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3811 2023-06-27T00:00:00Z
python39-devel:3.9-8080020230531142208.93c2fc2f cpe:/a:redhat:enterprise_linux:8 RHSA-2023:3811 2023-06-27T00:00:00Z
python3-0:3.6.8-51.el8_8.1 cpe:/o:redhat:enterprise_linux:8 RHSA-2023:3591 2023-06-14T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
python27:2.7-8010020230614130243.208b345f cpe:/a:redhat:rhel_e4s:8.1 RHSA-2023:3932 2023-06-29T00:00:00Z
python3-0:3.6.8-15.1.el8_1.1 cpe:/a:redhat:rhel_e4s:8.1 RHSA-2023:3936 2023-06-29T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
python27:2.7-8020020230614130117.c9f5743f cpe:/a:redhat:rhel_aus:8.2 RHSA-2023:3777 2023-06-22T00:00:00Z
python3-0:3.6.8-24.el8_2.1 cpe:/a:redhat:rhel_aus:8.2 RHSA-2023:3935 2023-06-29T00:00:00Z
python38:3.8-8020020230628091203.8c0020b9 cpe:/a:redhat:rhel_aus:8.2 RHSA-2023:4038 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
python27:2.7-8020020230614130117.c9f5743f cpe:/a:redhat:rhel_tus:8.2 RHSA-2023:3777 2023-06-22T00:00:00Z
python3-0:3.6.8-24.el8_2.1 cpe:/a:redhat:rhel_tus:8.2 RHSA-2023:3935 2023-06-29T00:00:00Z
python38:3.8-8020020230628091203.8c0020b9 cpe:/a:redhat:rhel_tus:8.2 RHSA-2023:4038 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
python27:2.7-8020020230614130117.c9f5743f cpe:/a:redhat:rhel_e4s:8.2 RHSA-2023:3777 2023-06-22T00:00:00Z
python3-0:3.6.8-24.el8_2.1 cpe:/a:redhat:rhel_e4s:8.2 RHSA-2023:3935 2023-06-29T00:00:00Z
python38:3.8-8020020230628091203.8c0020b9 cpe:/a:redhat:rhel_e4s:8.2 RHSA-2023:4038 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
python27:2.7-8040020230613113051.7c6da464 cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:3931 2023-06-29T00:00:00Z
python3-0:3.6.8-39.el8_4.2 cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:3934 2023-06-29T00:00:00Z
python39:3.9-8040020230614130711.63cd9eba cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:4004 2023-07-10T00:00:00Z
python38:3.8-8040020230626111739.6dfe838a cpe:/a:redhat:rhel_aus:8.4 RHSA-2023:4008 2023-07-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
python27:2.7-8040020230613113051.7c6da464 cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:3931 2023-06-29T00:00:00Z
python3-0:3.6.8-39.el8_4.2 cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:3934 2023-06-29T00:00:00Z
python39:3.9-8040020230614130711.63cd9eba cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:4004 2023-07-10T00:00:00Z
python38:3.8-8040020230626111739.6dfe838a cpe:/a:redhat:rhel_tus:8.4 RHSA-2023:4008 2023-07-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
python27:2.7-8040020230613113051.7c6da464 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:3931 2023-06-29T00:00:00Z
python3-0:3.6.8-39.el8_4.2 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:3934 2023-06-29T00:00:00Z
python39:3.9-8040020230614130711.63cd9eba cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:4004 2023-07-10T00:00:00Z
python38:3.8-8040020230626111739.6dfe838a cpe:/a:redhat:rhel_e4s:8.4 RHSA-2023:4008 2023-07-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
python39:3.9-8060020230614130816.6a631399 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3776 2023-06-22T00:00:00Z
python39-devel:3.9-8060020230614130816.6a631399 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3776 2023-06-22T00:00:00Z
python3-0:3.6.8-47.el8_6.1 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3796 2023-06-26T00:00:00Z
python27:2.7-8060020230612150703.2aa69ce4 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:3810 2023-06-27T00:00:00Z
python38:3.8-8060020230627164849.e505919a cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:4032 2023-07-12T00:00:00Z
python38-devel:3.8-8060020230627164849.e505919a cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:4032 2023-07-12T00:00:00Z
Red Hat Enterprise Linux 9
python3.11-0:3.11.2-2.el9_2.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:3585 2023-06-14T00:00:00Z
python3.9-0:3.9.16-1.el9_2.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:3595 2023-06-14T00:00:00Z
python3.9-0:3.9.16-1.el9_2.1 cpe:/o:redhat:enterprise_linux:9 RHSA-2023:3595 2023-06-14T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
python3.9-0:3.9.10-4.el9_0.1 cpe:/a:redhat:rhel_eus:9.0 RHSA-2023:4203 2023-07-18T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-python38-python-0:3.8.18-2.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2023:6793 2023-11-08T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.5.3-202307191258_8.6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2023:4282 2023-07-26T00:00:00Z
References
Link Providers
https://github.com/python/cpython/issues/102153 cve-icon cve-icon
https://github.com/python/cpython/pull/99421 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-24329 cve-icon
https://pointernull.com/security/python-url-parse-problem.html cve-icon cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20230324-0004/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-24329 cve-icon
https://www.kb.cert.org/vuls/id/127587 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-17T00:00:00

Updated: 2024-08-02T10:56:03.505Z

Reserved: 2023-01-23T00:00:00

Link: CVE-2023-24329

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-17T15:15:12.243

Modified: 2023-11-07T04:08:25.790

Link: CVE-2023-24329

cve-icon Redhat

Severity : Important

Publid Date: 2023-02-17T00:00:00Z

Links: CVE-2023-24329 - Bugzilla