A high-severity security flaw has been discovered in Python's URL parsing code that could allow attackers to bypass blocklist-based checks and, according to the researchers who reported it, execute arbitrary commands. The flaw is triggered when the entire URL begins with blank characters and affects the parsing of both the hostname and the scheme: a leading blank causes the parser to return an empty scheme and no hostname, so a check that compares the parsed scheme or hostname against a blocklist finds nothing to block, while a more lenient downstream client strips the whitespace and connects to the attacker's intended host. The vulnerability has been assigned CVE-2023-24329 and carries a CVSS score of 7.5. It has been addressed in several versions of Python, including 3.12, 3.11.x, 3.10.x, 3.9.x, 3.8.x, and 3.7.x. The affected code is in the urllib.parse module, whose urlsplit() and urlparse() functions are widely used for URL parsing. Researchers have warned that this vulnerability could facilitate server-side request forgery (SSRF) and remote code execution (RCE) attacks. It is also worth noting that security fixes in Python are often made without a CVE identifier, potentially leaving unpatched systems exposed to exploitation.
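The following is an added example, not code from the article or from CPython, showing how the leading-blank bypass defeats a typical hostname blocklist and how a guard can be written that does not rely on the interpreter being patched. The SSRF guard, its blocklist contents and the sample URLs are constructed for the demonstration; `interpreter_is_patched()` is a quick check a practitioner can run against a deployed Python to see whether it still has the vulnerable behaviour.

```python
"""Added example (not from the article or CPython): CVE-2023-24329 bypass
of a hostname blocklist, plus a guard that normalises input itself.

Assumptions (constructed for the demo): a hypothetical SSRF guard that
refuses a fixed set of internal hosts and only permits http/https.
"""
from urllib.parse import urlsplit

# WHATWG "C0 control or space": U+0000..U+001F plus U+0020. The upstream
# fix makes urlsplit() strip these leading characters; a guard that strips
# the same set sees the URL the way a lenient HTTP client will.
C0_CONTROL_OR_SPACE = "".join(chr(c) for c in range(0x21))

# Constructed blocklist of hosts an SSRF guard typically refuses.
BLOCKED_HOSTS = {
    "localhost",
    "127.0.0.1",
    "169.254.169.254",
    "metadata.google.internal",
}
ALLOWED_SCHEMES = {"http", "https"}


def interpreter_is_patched() -> bool:
    """True if this interpreter's urlsplit() strips leading blanks.

    Unpatched interpreters return scheme='' and hostname=None here because
    the leading space is not a valid scheme character, so the whole string
    is treated as a path.
    """
    parts = urlsplit(" http://example.com/")
    return parts.scheme == "http" and parts.hostname == "example.com"


def naive_is_allowed(url: str) -> bool:
    """Blocklist check as commonly written: parse the raw URL and compare.

    On an unpatched interpreter " http://169.254.169.254/" yields
    hostname=None, which is not in the blocklist, so the URL is allowed;
    a downstream client that strips whitespace then fetches the blocked
    host. On a patched interpreter the same input is blocked.
    """
    parts = urlsplit(url)
    return parts.hostname not in BLOCKED_HOSTS


def hardened_is_allowed(url: str) -> bool:
    """Normalise first, allowlist the scheme, and require a hostname.

    Works the same on patched and unpatched interpreters because the
    normalisation does not depend on urlsplit(). Rejecting any URL that
    needed normalisation at all is an equally valid, stricter choice.
    """
    cleaned = url.lstrip(C0_CONTROL_OR_SPACE)
    parts = urlsplit(cleaned)
    # Allowlist the scheme rather than blocklisting hostnames alone:
    # an empty scheme (the CVE's symptom) and file:// are both refused.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname  # already lower-cased by urlsplit()
    if not host:
        return False  # no host to check means nothing safe to fetch
    return host not in BLOCKED_HOSTS


if __name__ == "__main__":
    samples = [
        "https://example.com/",
        "http://169.254.169.254/latest/meta-data/",
        " http://169.254.169.254/latest/meta-data/",
        "\thttp://localhost:8080/",
        "\x00https://metadata.google.internal/",
    ]
    print("interpreter patched:", interpreter_is_patched())
    for s in samples:
        print(repr(s), "naive:", naive_is_allowed(s), "hardened:", hardened_is_allowed(s))
```

Run it under an interpreter from before the fix and the naive check reports `True` for every whitespace-led sample while the hardened check refuses them; under a patched interpreter both agree, but only the hardened version also refuses `file://` and scheme-less input.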