Description

An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Remediation

References

CVE-2023-24329

Related Vulnerabilities

WordPress Plugin Wufoo Shortcode Cross-Site Scripting (1.50)

TYPO3 7PK - Security Features Vulnerability (CVE-2016-5091)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.4)

PHP Improper Handling of Exceptional Conditions Vulnerability (CVE-2014-1943)

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-0754)

Severity

High

Classification

CVE-2023-24329 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities