- Description
- The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets, which is not valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing between the Python URL parser and other specification-compliant URL parsers.
- Source
- cna@python.org
- NVD status
- Awaiting Analysis
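The bracket rule from the description, written as a check that behaves the same on fixed and unfixed interpreters. This is an added example, not code from CPython or from this page; the names `strict_urlsplit` and `runtime_accepts_bracketed_domain` and the probe URL are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import SplitResult, urlsplit

# RFC 3986 IPvFuture: "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9._~!$&'()*+,;=:-]+")
# A bracketed host must be the entire host: "[" literal "]" [ ":" port ]
_BRACKETED = re.compile(r"\[([^\[\]]*)\](?::[0-9]*)?")


def strict_urlsplit(url: str) -> SplitResult:
    """urlsplit() plus the RFC 3986 bracket rule; raises ValueError if broken."""
    parts = urlsplit(url)  # fixed interpreters already raise ValueError here
    hostport = parts.netloc.rpartition("@")[2]  # drop any userinfo
    if "[" not in hostport and "]" not in hostport:
        return parts  # ordinary reg-name or IPv4 host, nothing to check
    m = _BRACKETED.fullmatch(hostport)
    if m is None:
        raise ValueError(f"brackets outside an IP-literal in host: {hostport!r}")
    literal = m.group(1)
    if not _IPVFUTURE.fullmatch(literal):
        # Not IPvFuture, so it must be IPv6; AddressValueError is a ValueError.
        ipaddress.IPv6Address(literal)
    return parts


def runtime_accepts_bracketed_domain() -> bool:
    """True if this interpreter's urlsplit() still accepts a bracketed domain."""
    try:
        urlsplit("https://prefix[::1]suffix.example/")  # constructed probe
    except ValueError:
        return False
    return True
```

Use `strict_urlsplit` wherever a hostname from `urlsplit` feeds an allow-list or routing decision that another URL parser will also evaluate, and `runtime_accepts_bracketed_domain` to flag images that still ship an unfixed interpreter.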
CVSS 4.0
- Type
- Secondary
- Base score
- 6.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- cna@python.org
- CWE-20
- Hype score
- Not currently trending
🚨 Lambda Watchdog detected a new MEDIUM severity CVE 🚨 CVE-2025-0938 was detected in the latest AWS Lambda image scan affecting the python package in 18 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless
@LambdaWatchdog
26 Mar 2025
Python: the critical flaw CVE-2025-0938 could allow bypassing the security policy in its CPython implementation. https://t.co/g32HnoOqTg #.Security Policy Bypass #.Patch #.Vulnerability #News
@NicolasCoolman
4 Feb 2025
CVE-2025-0938 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986… https://t.co/9B2x7BXKxN
@CVEnew
31 Jan 2025