Skip to main content
Version: latest

CVE-2023-24329

CVE Details

CVE-2023-24329

Last Update

9/13/24

NIST CVE Summary

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Our Official Summary

An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. urlparse has a parsing problem when the entire URL starts with blank characters. This problem affects both the parsing of hostname and scheme, and eventually causes any blocklisting methods to fail. Python version needs to be upgraded in the images reported.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette VerteX 4.4.18

Revision History

  • 1.0 9/13/2024 Initial Publication
  • 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products