CVE-2023-24329
Published Feb 17, 2023
Last updated a year ago
Overview
- Description
- An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC324629-0240-4DC0-BAFA-D476D5FDDA61",
"versionEndExcluding": "3.7.17"
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A6B1607-9E1F-4A14-918F-B1A1786D028E",
"versionEndExcluding": "3.8.17",
"versionStartIncluding": "3.8.0"
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0287FC5A-256F-40EE-93D0-2DFFE38BB5A1",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0"
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AA7FA11-C746-4E69-94C2-18E745D82054",
"versionEndExcluding": "3.10.12",
"versionStartIncluding": "3.10.0"
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD14A157-FEA9-411F-B338-F1B6F726599D",
"versionEndExcluding": "3.11.4",
"versionStartIncluding": "3.11.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"vulnerable": true,
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1"
},
{
"criteria": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4455CF3A-CC91-4BE4-A7AB-929AC82E34F5"
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"
}
],
"operator": "OR"
}
]
}
]