Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in Python URL Parsing Function
Alerts

High-Severity Vulnerability in Python URL Parsing Function

14 August 2023

Python has released security updates to address a high-severity vulnerability (CVE-2023-24329) in their URL parsing library.

Successful exploitation of the vulnerability could allow an attacker to bypass domain or protocol filtering methods implemented with a blocklist by supplying a URL that starts with blank characters, resulting in arbitrary file reads and command execution.

The vulnerability affects all Python versions prior to 3.11.

Users and administrators of the affected Python versions are advised to update to the following versions immediately:

  • Versions 3.7.x to 3.7.17

  • Versions 3.8.x to 3.8.17

  • Versions 3.9.x to 3.9.17

  • Versions 3.10.x to 3.10.12

  • Versions 3.11.x to 3.11.4

  • Versions 3.12 and later

More information is available at:

https://nvd.nist.gov/vuln/detail/CVE-2023-24329

https://github.com/python/cpython/tree/3.11/Lib/urllib

https://kb.cert.org/vuls/id/127587

https://securityaffairs.com/149447/hacking/python-url-severe-vulnerability.html?amp=1

Back to top