Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-24329HistoryFeb 17, 2023 - 3:15 p.m.
CVE-2023-24329
2023-02-1715:15:12
Debian Security Bug Tracker
security-tracker.debian.org
40
python
3.11.4
urllib.parse
security issue
bypass blocklisting
blank characters
cve-2023-24329
unix
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
41.6%
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | pypy3 | < 7.3.11+dfsg-2+deb12u2 | pypy3_7.3.11+dfsg-2+deb12u2_all.deb |
| Debian | 11 | all | pypy3 | <= 7.3.5+dfsg-2+deb11u2 | pypy3_7.3.5+dfsg-2+deb11u2_all.deb |
| Debian | 999 | all | pypy3 | < 7.3.12+dfsg-1 | pypy3_7.3.12+dfsg-1_all.deb |
| Debian | 13 | all | pypy3 | < 7.3.12+dfsg-1 | pypy3_7.3.12+dfsg-1_all.deb |
| Debian | 11 | all | python2.7 | < 2.7.18-8+deb11u1 | python2.7_2.7.18-8+deb11u1_all.deb |
| Debian | 12 | all | python3.11 | < 3.11.2-6+deb12u2 | python3.11_3.11.2-6+deb12u2_all.deb |
| Debian | 999 | all | python3.11 | < 3.11.4-1 | python3.11_3.11.4-1_all.deb |
| Debian | 13 | all | python3.11 | < 3.11.4-1 | python3.11_3.11.4-1_all.deb |
| Debian | 11 | all | python3.9 | <= 3.9.2-1 | python3.9_3.9.2-1_all.deb |
Related
nessus
nessus
Fedora 37 : mingw-python3 (2023-406c1c6ed7)
2023-03-29 00:00:00
Fedora 37 : pypy (2023-acdfd145f2)
2023-06-08 00:00:00
Fedora 37 : python3.9 (2023-03599274db)
2023-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: pypy3.9-7.3.11-4.3.9.fc38
2023-05-31 17:35:04
[SECURITY] Fedora 38 Update: python3.7-3.7.16-4.fc38
2023-06-14 01:12:28
[SECURITY] Fedora 37 Update: pypy3.8-7.3.11-2.3.8.fc37
2023-06-08 02:00:28
slackware
slackware
[slackware-security] python3
2023-06-09 01:28:03
redhat
redhat
(RHSA-2023:3595) Important: python3.9 security update
2023-06-14 09:04:30
(RHSA-2023:3935) Important: python3 security update
2023-06-29 12:38:17
(RHSA-2023:3555) Important: python security update
2023-06-09 07:32:16
rocky
rocky
python27:2.7 security update
2023-06-24 18:52:51
python3.11 security update
2023-08-31 16:54:34
python3.11 security update
2023-08-31 16:55:40
cloudlinux
cloudlinux
python: Fix of CVE-2023-24329
2023-07-20 20:54:04
python: Fix of CVE-2023-24329
2023-03-06 21:09:04
cert
cert
Python Parsing Error Enabling Bypass CVE-2023-24329
2023-08-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-24329 affecting package python3 3.7.13-5
2023-03-16 03:40:27
CVE-2023-24329 affecting package python2 2.7.18-11
2023-03-16 03:40:27
CVE-2023-24329 affecting package python3 for versions less than 3.9.14-8
2023-10-13 16:12:18
osv
osv
Important: python27:2.7 security update
2023-06-24 18:52:51
Important: python3.9 security update
2023-08-31 16:55:39
BIT-python-2023-24329
2024-03-06 11:04:03
openvas
openvas
centos
centos
python, tkinter security update
2023-07-27 14:34:23
python3 security update
2023-07-27 14:33:45
ubuntucve
ubuntucve
CVE-2023-24329
2023-02-17 00:00:00
almalinux
almalinux
Important: python39:3.9 and python39-devel:3.9 security update
2023-06-27 00:00:00
Important: python3 security update
2023-06-14 00:00:00
Important: python3.9 security update
2023-06-14 00:00:00
amazon
amazon
Medium: python3
2023-03-17 16:34:00
redhatcve
redhatcve
CVE-2023-24329
2023-02-28 12:29:51
cloudfoundry
cloudfoundry
USN-5960-1: Python vulnerability | Cloud Foundry
2023-04-29 00:00:00
USN-6139-1: Python vulnerability | Cloud Foundry
2023-10-05 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation and result in a remote attacker bypassing security restrictions (CVE-2023-24329).
2023-11-22 20:55:44
oraclelinux
oraclelinux
python27:2.7 security update
2023-07-08 00:00:00
python38:3.8 and python38-devel:3.8 security update
2023-07-08 00:00:00
python39:3.9 and python39-devel:3.9 security update
2023-07-19 00:00:00
cvelist
cvelist
CVE-2023-24329
2023-02-17 00:00:00
ubuntu
ubuntu
Python vulnerability
2023-06-05 00:00:00
Python vulnerability
2023-03-16 00:00:00
aix
aix
AIX is affected by security restrictions bypass due to Python
2023-08-18 09:49:04
thn
thn
New Python URL Parsing Flaw Could Enable Command Execution Attacks
2023-08-12 06:03:00
cgr
cgr
CVE-2023-24329 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-24329
2023-02-17 15:15:12
githubexploit
githubexploit
Exploit for Improper Input Validation in Python
2023-08-17 10:33:52
Exploit for Improper Input Validation in Python
2023-10-05 01:55:05
Exploit for Improper Input Validation in Python
2023-10-05 01:55:05
f5
f5
K000135921 : Python urllib.parse vulnerability CVE-2023-24329
2023-08-22 00:00:00
veracode
veracode
URL Whitespace Padding Attack
2023-10-09 01:33:29
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
41.6%
Related for DEBIANCVE:CVE-2023-24329