CVE-2023-24329

CVE Details

Visit the official vulnerability details page for CVE-2023-24329 to learn more.

Initial Publication

11/13/2024

Last Update

12/13/2024

Third Party Dependency

libpython2.7-minimal

NIST CVE Summary

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

CVE Severity

7.5

Our Official Summary

An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. urlparse has a parsing problem when the entire URL starts with blank characters. This problem affects the parsing of both the hostname and the scheme, and eventually causes any blocklisting methods to fail. The Python version needs to be upgraded in the reported images.
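The following is an added example, not code from this advisory or from the affected product: a blocklist check that strips leading blank characters before calling urlsplit, shown beside the naive check that trusts the parser on raw input. The blocklist entries, function names and the choice to refuse scheme-less input are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist entries, for illustration only.
BLOCKED_SCHEMES = {"file", "gopher"}
BLOCKED_HOSTS = {"blocked.example"}

# C0 control characters (0x00-0x1F) plus space: the set the WHATWG URL
# standard strips from the front of a URL before parsing.
LEADING_BLANKS = "".join(map(chr, range(0x21)))


def naive_is_blocked(url: str) -> bool:
    """Blocklist check that trusts urlsplit() on raw input.

    On an interpreter affected by CVE-2023-24329, a URL with leading blank
    characters parses with an empty scheme and no hostname, so this
    returns False for a URL that should be blocked.
    """
    parts = urlsplit(url)
    return parts.scheme in BLOCKED_SCHEMES or parts.hostname in BLOCKED_HOSTS


def is_blocked(url: str) -> bool:
    """Blocklist check that normalizes before parsing and fails closed."""
    cleaned = url.lstrip(LEADING_BLANKS)
    parts = urlsplit(cleaned)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if not scheme:
        # No scheme after normalization: refuse instead of guessing.
        return True
    return scheme in BLOCKED_SCHEMES or host in BLOCKED_HOSTS


def had_leading_blanks(url: str) -> bool:
    """True when the input carried a blank prefix (worth logging)."""
    return url != url.lstrip(LEADING_BLANKS)
```

Normalizing in the caller gives the same verdict on patched and unpatched interpreters, which matters while the image upgrade is still pending.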

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
| --- | --- | --- | --- | --- |
| 4.4.20 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |

Revision History

| Date | Revision |
| --- | --- |