12 Nov
2024
12 Nov
'24
9:23 p.m.
There is a MEDIUM severity vulnerability affecting CPython.
The urllib.parse.urlsplit() and urlparse() functions improperly validated
bracketed hosts ([]), allowing hosts that weren't IPv6 or IPvFuture. This
behavior was not conformant to RFC 3986 and potentially enabled SSRF if a
URL is processed by more than one URL parser.
Please see the linked CVE ID for the latest information on affected versions: