- Description
- The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
- Source
- cna@python.org
- NVD status
- Awaiting Analysis
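A pre-parse check for the condition in the description, as an added example (not CPython's code or its fix): it accepts square brackets in the authority only when they delimit an IPv6 or IPvFuture literal, as RFC 3986 requires. The function names and sample URLs are constructed for illustration, and the authority is extracted by hand so the result does not depend on the interpreter's own `urllib.parse` behaviour.

```python
import ipaddress
import re

# RFC 3986 IPvFuture: "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+\Z")
_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*:")
# A bracketed literal must span the whole host; only an optional port may follow.
_IP_LITERAL = re.compile(r"\[([^\[\]]*)\](?::[0-9]*)?\Z")


def authority_of(url):
    """Return the raw authority: the text between '//' and the first '/', '?' or '#'."""
    m = _SCHEME.match(url)
    rest = url[m.end():] if m else url
    if not rest.startswith("//"):
        return ""
    return re.split(r"[/?#]", rest[2:], maxsplit=1)[0]


def brackets_are_valid(url):
    """True if square brackets in the host occur only as IP-literal delimiters."""
    hostport = authority_of(url).rpartition("@")[2]  # drop any userinfo
    if "[" not in hostport and "]" not in hostport:
        return True
    m = _IP_LITERAL.match(hostport)
    if not m:
        return False  # brackets embedded in a registered name
    literal = m.group(1)
    if _IPVFUTURE.match(literal):
        return True
    try:
        ipaddress.IPv6Address(literal)
        return True
    except ValueError:
        return False  # bracketed text that is not an IP literal


def rejected(urls):
    """Return the URLs whose host uses brackets in a way RFC 3986 does not allow."""
    return [u for u in urls if not brackets_are_valid(u)]


# Constructed sample input (not taken from the advisory).
CONSTRUCTED_SAMPLES = [
    "https://[2001:db8::1]:8443/path",   # valid IPv6 literal with port
    "http://[v1.fe80]/",                 # syntactically valid IPvFuture
    "https://example.[org]/",            # brackets inside a domain name
    "https://[example.org]/",            # bracketed non-IP host
    "https://user@example.com/a[1]",     # brackets outside the authority
]
```

Running the check before handing a URL to any parser gives every downstream component the same accept/reject decision, which removes the differential the description warns about.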
CVSS 4.0
- Type
- Secondary
- Base score
- 6.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- cna@python.org
- CWE-20
- Hype score
- Not currently trending
Python: the critical vulnerability CVE-2025-0938 could allow the security policy to be bypassed in its CPython implementation. https://t.co/g32HnoOqTg #.Security Policy Bypass #.Patch #.Vulnerability #News
@NicolasCoolman
4 Feb 2025
12 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0938 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986… https://t.co/9B2x7BXKxN
@CVEnew
31 Jan 2025
461 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes