Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in Python URL Parsing Function
Alerts

High-Severity Vulnerability in Python URL Parsing Function

14 August 2023

Python has released security updates to address a high-severity vulnerability (CVE-2023-24329) in their URL parsing library.

Successful exploitation of the vulnerability could allow an attacker to bypass domain or protocol filtering methods implemented with a blocklist by supplying a URL that starts with blank characters, resulting in arbitrary file reads and command execution.

The vulnerability affects all Python versions prior to 3.11.

Users and administrators of the affected Python versions are advised to update to the following versions immediately:

  • Versions 3.7.x to 3.7.17

  • Versions 3.8.x to 3.8.17

  • Versions 3.9.x to 3.9.17

  • Versions 3.10.x to 3.10.12

  • Versions 3.11.x to 3.11.4

  • Versions 3.12 and later

More information is available at:

https://nvd.nist.gov/vuln/detail/CVE-2023-24329

https://github.com/python/cpython/tree/3.11/Lib/urllib

https://kb.cert.org/vuls/id/127587

https://securityaffairs.com/149447/hacking/python-url-severe-vulnerability.html?amp=1

Back to top