A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.

References

bugzilla.redhat.com/show_bug.cgi?id=2173917

nvd.nist.gov/vuln/detail/CVE-2023-24329

pointernull.com/security/python-url-parse-problem.html

www.cve.org/CVERecord?id=CVE-2023-24329

nessus 73

fedora 17

slackware 1

redhat 13

rocky 7

cloudlinux 2

cert 1

cbl_mariner 3

osv 15

openvas 35

centos 2

ubuntucve 1

almalinux 4

amazon 1

cloudfoundry 2

debiancve 1

ibm 3

oraclelinux 6

cvelist 1

ubuntu 2

aix 1

thn 1

cgr 1

cve 1

githubexploit 3

f5 1

veracode 1

nessus

Fedora 37 : mingw-python3 (2023-406c1c6ed7)

2023-03-29 00:00:00

Fedora 37 : pypy (2023-acdfd145f2)

2023-06-08 00:00:00

Fedora 37 : python3.9 (2023-03599274db)

2023-06-08 00:00:00

fedora

[SECURITY] Fedora 38 Update: pypy3.9-7.3.11-4.3.9.fc38

2023-05-31 17:35:04

[SECURITY] Fedora 38 Update: python3.7-3.7.16-4.fc38

2023-06-14 01:12:28

[SECURITY] Fedora 37 Update: pypy3.8-7.3.11-2.3.8.fc37

2023-06-08 02:00:28

slackware

[slackware-security] python3

2023-06-09 01:28:03

redhat

(RHSA-2023:3595) Important: python3.9 security update

2023-06-14 09:04:30

(RHSA-2023:3935) Important: python3 security update

2023-06-29 12:38:17

(RHSA-2023:3555) Important: python security update

2023-06-09 07:32:16

rocky

python27:2.7 security update

2023-06-24 18:52:51

python3.11 security update

2023-08-31 16:54:34

python3.11 security update

2023-08-31 16:55:40

cloudlinux

python: Fix of CVE-2023-24329

2023-07-20 20:54:04

python: Fix of CVE-2023-24329

2023-03-06 21:09:04

cert

Python Parsing Error Enabling Bypass CVE-2023-24329

2023-08-11 00:00:00

cbl_mariner

CVE-2023-24329 affecting package python3 3.7.13-5

2023-03-16 03:40:27

CVE-2023-24329 affecting package python2 2.7.18-11

2023-03-16 03:40:27

CVE-2023-24329 affecting package python3 for versions less than 3.9.14-8

2023-10-13 16:12:18

osv

Important: python27:2.7 security update

2023-06-24 18:52:51

Important: python3.9 security update

2023-08-31 16:55:39

BIT-python-2023-24329

2024-03-06 11:04:03

openvas

Fedora: Security Advisory for pypy (FEDORA-2023-690e150a39)

2023-06-01 00:00:00

Fedora: Security Advisory for python3.8 (FEDORA-2023-d8b0003ecd)

2023-06-01 00:00:00

Python < 3.7.17, 3.8.x < 3.8.17, 3.9.x < 3.9.17, 3.10.x < 3.10.12, 3.11.x < 3.11.4 RCE Vulnerability - Linux

2023-02-20 00:00:00

centos

python, tkinter security update

2023-07-27 14:34:23

python3 security update

2023-07-27 14:33:45

ubuntucve

CVE-2023-24329

2023-02-17 00:00:00

almalinux

Important: python39:3.9 and python39-devel:3.9 security update

2023-06-27 00:00:00

Important: python3 security update

2023-06-14 00:00:00

Important: python3.9 security update

2023-06-14 00:00:00

amazon

Medium: python3

2023-03-17 16:34:00

cloudfoundry

USN-5960-1: Python vulnerability | Cloud Foundry

2023-04-29 00:00:00

USN-6139-1: Python vulnerability | Cloud Foundry

2023-10-05 00:00:00

debiancve

CVE-2023-24329

2023-02-17 15:15:12

ibm

Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation and result in a remote attacker bypassing security restrictions (CVE-2023-24329).

2023-11-22 20:55:44

Security Bulletin: AIX is affected by security restrictions bypass (CVE-2023-24329) due to Python

2023-08-24 03:46:53

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python

2023-07-26 20:24:06

oraclelinux

python27:2.7 security update

2023-07-08 00:00:00

python38:3.8 and python38-devel:3.8 security update

2023-07-08 00:00:00

python39:3.9 and python39-devel:3.9 security update

2023-07-19 00:00:00

cvelist

CVE-2023-24329

2023-02-17 00:00:00

ubuntu

Python vulnerability

2023-06-05 00:00:00

Python vulnerability

2023-03-16 00:00:00

aix

AIX is affected by security restrictions bypass due to Python

2023-08-18 09:49:04

thn

New Python URL Parsing Flaw Could Enable Command Execution Attacks

2023-08-12 06:03:00

cgr

CVE-2023-24329 vulnerabilities

2024-05-19 03:07:16

cve

CVE-2023-24329

2023-02-17 15:15:12

githubexploit

Exploit for Improper Input Validation in Python

2023-08-17 10:33:52

Exploit for Improper Input Validation in Python

2023-10-05 01:55:05

Exploit for Improper Input Validation in Python

2023-10-05 01:55:05

K000135921 : Python urllib.parse vulnerability CVE-2023-24329

2023-08-22 00:00:00

veracode

URL Whitespace Padding Attack

2023-10-09 01:33:29

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

Related for RH:CVE-2023-24329