The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Python Software Foundation
Python Software Foundation cpython |
|
Weaknesses | CWE-918 | |
CPEs | cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:* | |
Vendors & Products |
Python Software Foundation
Python Software Foundation cpython |
|
Metrics |
ssvc
|
Wed, 13 Nov 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-1287 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Tue, 12 Nov 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 12 Nov 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | |
Title | Improper validation of IPv6 and IPvFuture addresses | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: PSF
Published: 2024-11-12T21:22:23.438Z
Updated: 2024-11-13T15:14:10.911Z
Reserved: 2024-11-12T21:13:15.779Z
Link: CVE-2024-11168
Vulnrichment
Updated: 2024-11-13T15:13:53.557Z
NVD
Status : Awaiting Analysis
Published: 2024-11-12T22:15:14.920
Modified: 2024-11-13T17:01:16.850
Link: CVE-2024-11168
Redhat