[CVE-2024-11168] Improper validation of IPv6 and IPvFuture addresses
Nov. 12, 2024
9:23 p.m.
There is a MEDIUM severity vulnerability affecting CPython.
The urllib.parse.urlsplit() and urlparse() functions improperly validated
bracketed hosts ([]), allowing hosts that weren't IPv6 or IPvFuture. This
behavior was not conformant to RFC 3986 and potentially enabled SSRF if a
URL is processed by more than one URL parser.
Please see the linked CVE ID for the latest information on affected versions:
Seth Larson
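
The check the advisory describes, a bracketed host must be an IPv6 address or an IPvFuture literal per RFC 3986 section 3.2.2, can be applied as a stand-alone pre-filter before a URL is handed to any other parser. This is an added example, not code from the advisory or from CPython; the function names `authority_of` and `bracketed_host_is_valid` are hypothetical, and the URLs in the test are constructed.

```python
import ipaddress
import re

# RFC 3986 3.2.2: IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"[vV][0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")
# Optional scheme, then "//", then the authority up to the first "/", "?" or "#".
_AUTHORITY = re.compile(r"(?:[A-Za-z][A-Za-z0-9+.\-]*:)?//([^/?#]*)")


def authority_of(url: str) -> str:
    """Return the authority component, or '' when the URL has none."""
    m = _AUTHORITY.match(url)
    return m.group(1) if m else ""


def bracketed_host_is_valid(url: str) -> bool:
    """True when the URL has no bracketed host, or the bracketed host is a
    well-formed IPv6 address or IPvFuture literal. False otherwise."""
    hostport = authority_of(url).rpartition("@")[2]  # drop any userinfo
    if "[" not in hostport and "]" not in hostport:
        return True  # registered name or IPv4: out of scope for this check
    if not hostport.startswith("["):
        return False  # a bracket may only open the host
    literal, closing, rest = hostport[1:].partition("]")
    if not closing:
        return False  # unterminated "["
    if rest and not re.fullmatch(r":[0-9]*", rest):
        return False  # only an optional ":port" may follow "]"
    if literal[:1] in ("v", "V"):
        return _IPVFUTURE.fullmatch(literal) is not None
    if "%" in literal:
        return False  # zone identifiers are not part of RFC 3986 IPv6address
    try:
        ipaddress.IPv6Address(literal)
    except ValueError:
        return False  # e.g. a hostname or dotted IPv4 inside the brackets
    return True
```

Rejecting a URL that fails this check at the trust boundary means every downstream parser sees only hosts that they should all interpret the same way.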