Vulnerability CVE-2023-24329: Information
Description
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python3 | sisyphus | 3.11.0-alt1 | 3.12.2-alt1 | ALT-PU-2023-1951-1 | 311250 | Fixed |
python3 | sisyphus_e2k | 3.11.4-alt1 | 3.12.2-alt1 | ALT-PU-2023-3859-1 | - | Fixed |
python3 | sisyphus_riscv64 | 3.11.0-alt1 | 3.12.2-alt1 | ALT-PU-2023-3923-1 | - | Fixed |
python3 | p10 | 3.9.18-alt1 | 3.9.18-alt1 | ALT-PU-2024-2511-3 | 340781 | Fixed |
python3 | p10_e2k | 3.9.18-alt1 | 3.9.18-alt1 | ALT-PU-2024-3765-1 | - | Fixed |
python3 | p9 | 3.7.17-alt1 | 3.7.17-alt1 | ALT-PU-2024-2598-2 | 340935 | Fixed |
python3 | c10f1 | 3.9.18-alt0.c10f1.1 | 3.9.18-alt0.c10f1.1 | ALT-PU-2024-6382-3 | 344932 | Fixed |
python3 | c9f2 | 3.7.17-alt1 | 3.7.17-alt1 | ALT-PU-2024-3474-2 | 342077 | Fixed |