There is a MEDIUM severity vulnerability affecting CPython. The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
Please see the linked CVE ID for the latest information on affected versions:

* https://www.cve.org/cverecord?id=CVE-2024-11168
* https://github.com/python/cpython/pull/103849
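As an added example (not from the advisory or from CPython itself), the following re-checks the host that urlsplit() returns against the RFC 3986 rule the advisory refers to: whatever sits between `[` and `]` must be an IPv6 literal or an IPvFuture, and nothing but an optional port may follow the closing bracket. The helper names validate_host, is_ipv6_or_ipvfuture and is_acceptable are hypothetical, and the URLs in the comments are constructed test inputs.

```python
import ipaddress
import re
from typing import Optional
from urllib.parse import urlsplit

# RFC 3986: IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")
# The only text allowed after "]" in an authority: nothing, or ":" plus a port.
_AFTER_BRACKET = re.compile(r"(:[0-9]*)?")


def is_ipv6_or_ipvfuture(literal: str) -> bool:
    """True if the text between '[' and ']' is an IPv6 address or an IPvFuture."""
    try:
        ipaddress.IPv6Address(literal)
        return True
    except ValueError:  # AddressValueError is a ValueError
        return _IPVFUTURE.fullmatch(literal) is not None


def validate_host(url: str) -> Optional[str]:
    """Return the host of url, raising ValueError when a bracketed host is
    neither an IPv6 literal nor an IPvFuture (hypothetical helper; it
    re-validates what urlsplit() returns rather than trusting it)."""
    parts = urlsplit(url)  # patched CPython may already raise ValueError here
    authority = parts.netloc.rpartition("@")[2]  # drop any userinfo
    if not authority.startswith("["):
        return parts.hostname  # reg-name or IPv4 literal: not this issue
    close = authority.find("]")
    if close == -1:
        raise ValueError("unterminated bracketed host")
    literal, tail = authority[1:close], authority[close + 1:]
    if _AFTER_BRACKET.fullmatch(tail) is None:
        raise ValueError(f"unexpected text after bracketed host: {tail!r}")
    if not is_ipv6_or_ipvfuture(literal):
        raise ValueError(f"bracketed host is not IPv6 or IPvFuture: {literal!r}")
    return literal


def is_acceptable(url: str) -> bool:
    """Boolean wrapper for code that gates an outbound request on the check.
    e.g. "http://[::1]:8080/x" -> True, "http://[example.com]/" -> False."""
    try:
        validate_host(url)
        return True
    except ValueError:
        return False
```

Run the check on the host you are about to connect to, not on a host string produced by a different parser, so that both the validation and the request see the same value.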
_______________________________________________
Security-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/security-announce.python.org/
Member address: [email protected]
