Veracode Vulnerability DatabaseVERACODE:43608URL Whitespace Padding Attack
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.7%
python2.7 is vulnerable to . The vulnerability exists in the urllib.parse component of the library, enabling an attacker to bypass blocklisting methods by providing a URL that begins with blank characters.
References
github.com/python/cpython/issues/102153
github.com/python/cpython/pull/99421
lists.debian.org/debian-lts-announce/2023/09/msg00022.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
lists.fedoraproject.org/archives/list/[email protected]/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
lists.fedoraproject.org/archives/list/[email protected]/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
lists.fedoraproject.org/archives/list/[email protected]/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
lists.fedoraproject.org/archives/list/[email protected]/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
lists.fedoraproject.org/archives/list/[email protected]/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
lists.fedoraproject.org/archives/list/[email protected]/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
lists.fedoraproject.org/archives/list/[email protected]/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
lists.fedoraproject.org/archives/list/[email protected]/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
lists.fedoraproject.org/archives/list/[email protected]/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
lists.fedoraproject.org/archives/list/[email protected]/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
lists.fedoraproject.org/archives/list/[email protected]/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
lists.fedoraproject.org/archives/list/[email protected]/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
lists.fedoraproject.org/archives/list/[email protected]/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
lists.fedoraproject.org/archives/list/[email protected]/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
lists.fedoraproject.org/archives/list/[email protected]/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
lists.fedoraproject.org/archives/list/[email protected]/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
lists.fedoraproject.org/archives/list/[email protected]/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
lists.fedoraproject.org/archives/list/[email protected]/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
lists.fedoraproject.org/archives/list/[email protected]/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
lists.fedoraproject.org/archives/list/[email protected]/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
lists.fedoraproject.org/archives/list/[email protected]/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
pointernull.com/security/python-url-parse-problem.html
security-tracker.debian.org/tracker/CVE-2023-24329
security.netapp.com/advisory/ntap-20230324-0004/
www.kb.cert.org/vuls/id/127587
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.7%