NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-11168

Summary	The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
Publication Date	Nov. 13, 2024, 7:15 a.m.
Registration Date	Nov. 13, 2024, noon
Last Update	Nov. 14, 2024, 2:01 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
2	https://github.com/python/cpython/pull/103849
3	https://github.com/python/cpython/issues/103848
4	https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
5	https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550

Common Vulnerabilities List