Description
Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses.
Remediation
References
Related Vulnerabilities
MediaWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1055)
Apache Tomcat CVE-2022-29885 Vulnerability (CVE-2022-29885)
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Privilege Escalation (5.8.9)
WordPress 4.5.x Denial of Service Vulnerability (4.5 - 4.5.13)
WordPress Plugin Easy Digital Downloads-Recent Purchases Remote File Inclusion (1.0.2)