Description
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
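An added example, not part of the original advisory: a Python path check that rejects NUL characters before calling os.path.normpath(), so the outcome is the same on affected and unaffected interpreters, together with a probe that reports whether the running interpreter truncates. The function names and the `/srv/uploads` base directory are assumptions made for illustration, and POSIX-style paths are assumed.

```python
import os.path


def normpath_truncates_at_nul() -> bool:
    """Return True if os.path.normpath() on this interpreter cuts a path at the first NUL."""
    probe = "a\0b"  # constructed probe value
    return os.path.normpath(probe) != probe


def resolve_under(base: str, user_path: str) -> str:
    """Resolve user_path beneath base (str paths only).

    The NUL check runs on the raw input, before normpath(), so it does not
    rely on normpath() preserving the NUL for a later check to see.
    """
    if "\0" in user_path:
        raise ValueError("embedded NUL in path")
    base_norm = os.path.normpath(base)
    candidate = os.path.normpath(os.path.join(base_norm, user_path))
    # Containment check on the normalized result.
    if os.path.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError("path escapes base directory")
    return candidate


def is_rejected(base: str, user_path: str) -> bool:
    """Convenience wrapper: True if resolve_under() refuses the path."""
    try:
        resolve_under(base, user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("normpath truncates at NUL:", normpath_truncates_at_nul())
    # Constructed sample inputs.
    for name in ("sub/notes.txt", "notes.txt\0ignored", "../outside.txt"):
        print(repr(name), "rejected" if is_rejected("/srv/uploads", name) else "accepted")
```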
Remediation
References