Description
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Remediation
References
Related Vulnerabilities
SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-24955)
WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Cross-Site Scripting (1.3.6.2)
Joomla CVE-2026-48899 Vulnerability (CVE-2026-48899)
Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-34798)