[New-bugs-announce] [issue30500] urllib connects to a wrong host

Nam Nguyen report at bugs.python.org
Mon May 29 00:04:12 EDT 2017

New submission from Nam Nguyen:

Reported by Orange Tsai:

Hi, Python Security Team

import urllib
from urlparse import urlparse

url = ''
print urlparse(url).netloc          #
print urllib.urlopen(url).read()    # will access evil.com

I have tested on the latest version of Python 2.7.13.

components: Library (Lib)
messages: 294667
nosy: Nam.Nguyen
priority: normal
pull_requests: 1933
severity: normal
status: open
title: urllib connects to a wrong host
type: security
versions: Python 2.7, Python 3.7

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list