[New-bugs-announce] [issue30500] urllib connects to a wrong host
Nam Nguyen
report at bugs.python.org
Mon May 29 00:04:12 EDT 2017
New submission from Nam Nguyen:
Reported by Orange Tsai:
==========
Hi, Python Security Team
import urllib
from urlparse import urlparse
url = 'http://127.0.0.1#@evil.com/'
print urlparse(url).netloc # 127.0.0.1
print urllib.urlopen(url).read() # will access evil.com
I have tested on the latest version of Python 2.7.13.
==========
----------
components: Library (Lib)
messages: 294667
nosy: Nam.Nguyen
priority: normal
pull_requests: 1933
severity: normal
status: open
title: urllib connects to a wrong host
type: security
versions: Python 2.7, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30500>
_______________________________________
More information about the New-bugs-announce
mailing list