Lucene search
AmazonALAS2-2023-1990HistoryMar 17, 2023 - 4:34 p.m.
Medium: python3
2023-03-1716:34:00
alas.aws.amazon.com
14
python
urllib.parse
bypass
blocklisting
url
leading
characters
cve-2023-24329
update
advisory
amazon linux 2
red hat
mitre
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.6%
Issue Overview:
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. (CVE-2023-24329)
Affected Packages:
python3
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update python3 to update your system.
New Packages:
aarch64:
python3-3.7.16-1.amzn2.0.2.aarch64
python3-libs-3.7.16-1.amzn2.0.2.aarch64
python3-devel-3.7.16-1.amzn2.0.2.aarch64
python3-tools-3.7.16-1.amzn2.0.2.aarch64
python3-tkinter-3.7.16-1.amzn2.0.2.aarch64
python3-test-3.7.16-1.amzn2.0.2.aarch64
python3-debug-3.7.16-1.amzn2.0.2.aarch64
python3-debuginfo-3.7.16-1.amzn2.0.2.aarch64
i686:
python3-3.7.16-1.amzn2.0.2.i686
python3-libs-3.7.16-1.amzn2.0.2.i686
python3-devel-3.7.16-1.amzn2.0.2.i686
python3-tools-3.7.16-1.amzn2.0.2.i686
python3-tkinter-3.7.16-1.amzn2.0.2.i686
python3-test-3.7.16-1.amzn2.0.2.i686
python3-debug-3.7.16-1.amzn2.0.2.i686
python3-debuginfo-3.7.16-1.amzn2.0.2.i686
src:
python3-3.7.16-1.amzn2.0.2.src
x86_64:
python3-3.7.16-1.amzn2.0.2.x86_64
python3-libs-3.7.16-1.amzn2.0.2.x86_64
python3-devel-3.7.16-1.amzn2.0.2.x86_64
python3-tools-3.7.16-1.amzn2.0.2.x86_64
python3-tkinter-3.7.16-1.amzn2.0.2.x86_64
python3-test-3.7.16-1.amzn2.0.2.x86_64
python3-debug-3.7.16-1.amzn2.0.2.x86_64
python3-debuginfo-3.7.16-1.amzn2.0.2.x86_64
Additional References
Red Hat: CVE-2023-24329
Mitre: CVE-2023-24329
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | python3 | < 3.7.16-1.amzn2.0.2 | python3-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-libs | < 3.7.16-1.amzn2.0.2 | python3-libs-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-devel | < 3.7.16-1.amzn2.0.2 | python3-devel-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-tools | < 3.7.16-1.amzn2.0.2 | python3-tools-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-tkinter | < 3.7.16-1.amzn2.0.2 | python3-tkinter-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-test | < 3.7.16-1.amzn2.0.2 | python3-test-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-debug | < 3.7.16-1.amzn2.0.2 | python3-debug-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-debuginfo | < 3.7.16-1.amzn2.0.2 | python3-debuginfo-3.7.16-1.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | i686 | python3 | < 3.7.16-1.amzn2.0.2 | python3-3.7.16-1.amzn2.0.2.i686.rpm |
| Amazon Linux | 2 | i686 | python3-libs | < 3.7.16-1.amzn2.0.2 | python3-libs-3.7.16-1.amzn2.0.2.i686.rpm |
Related
nessus
nessus
Fedora 37 : mingw-python3 (2023-406c1c6ed7)
2023-03-29 00:00:00
Fedora 37 : pypy (2023-acdfd145f2)
2023-06-08 00:00:00
Fedora 37 : python3.9 (2023-03599274db)
2023-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: pypy3.9-7.3.11-4.3.9.fc38
2023-05-31 17:35:04
[SECURITY] Fedora 38 Update: python3.7-3.7.16-4.fc38
2023-06-14 01:12:28
[SECURITY] Fedora 38 Update: python2.7-2.7.18-31.fc38
2023-05-28 01:07:33
slackware
slackware
[slackware-security] python3
2023-06-09 01:28:03
redhat
redhat
(RHSA-2023:3595) Important: python3.9 security update
2023-06-14 09:04:30
(RHSA-2023:3935) Important: python3 security update
2023-06-29 12:38:17
(RHSA-2023:3555) Important: python security update
2023-06-09 07:32:16
rocky
rocky
python27:2.7 security update
2023-06-24 18:52:51
python3.11 security update
2023-08-31 16:54:34
python3.11 security update
2023-08-31 16:55:40
cloudlinux
cloudlinux
python: Fix of CVE-2023-24329
2023-07-20 20:54:04
python: Fix of CVE-2023-24329
2023-03-06 21:09:04
cert
cert
Python Parsing Error Enabling Bypass CVE-2023-24329
2023-08-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-24329 affecting package python3 3.7.13-5
2023-03-16 03:40:27
CVE-2023-24329 affecting package python2 2.7.18-11
2023-03-16 03:40:27
CVE-2023-24329 affecting package python3 for versions less than 3.9.14-8
2023-10-13 16:12:18
osv
osv
Important: python27:2.7 security update
2023-06-24 18:52:51
Important: python3.9 security update
2023-08-31 16:55:39
BIT-python-2023-24329
2024-03-06 11:04:03
openvas
openvas
almalinux
almalinux
Important: python3 security update
2023-06-14 00:00:00
Important: python39:3.9 and python39-devel:3.9 security update
2023-06-27 00:00:00
Important: python3.9 security update
2023-06-14 00:00:00
oraclelinux
oraclelinux
python27:2.7 security update
2023-07-08 00:00:00
python38:3.8 and python38-devel:3.8 security update
2023-07-08 00:00:00
python39:3.9 and python39-devel:3.9 security update
2023-07-19 00:00:00
cvelist
cvelist
CVE-2023-24329
2023-02-17 00:00:00
ubuntucve
ubuntucve
CVE-2023-24329
2023-02-17 00:00:00
centos
centos
python, tkinter security update
2023-07-27 14:34:23
python3 security update
2023-07-27 14:33:45
redhatcve
redhatcve
CVE-2023-24329
2023-02-28 12:29:51
ibm
ibm
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation and result in a remote attacker bypassing security restrictions (CVE-2023-24329).
2023-11-22 20:55:44
cloudfoundry
cloudfoundry
USN-5960-1: Python vulnerability | Cloud Foundry
2023-04-29 00:00:00
USN-6139-1: Python vulnerability | Cloud Foundry
2023-10-05 00:00:00
debiancve
debiancve
CVE-2023-24329
2023-02-17 15:15:12
ubuntu
ubuntu
Python vulnerability
2023-06-05 00:00:00
Python vulnerability
2023-03-16 00:00:00
aix
aix
AIX is affected by security restrictions bypass due to Python
2023-08-18 09:49:04
thn
thn
New Python URL Parsing Flaw Could Enable Command Execution Attacks
2023-08-12 06:03:00
cgr
cgr
CVE-2023-24329 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-24329
2023-02-17 15:15:12
githubexploit
githubexploit
Exploit for Improper Input Validation in Python
2023-08-17 10:33:52
Exploit for Improper Input Validation in Python
2023-10-05 01:55:05
Exploit for Improper Input Validation in Python
2023-10-05 01:55:05
f5
f5
K000135921 : Python urllib.parse vulnerability CVE-2023-24329
2023-08-22 00:00:00
veracode
veracode
URL Whitespace Padding Attack
2023-10-09 01:33:29
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.6%
Related for ALAS2-2023-1990