Author: Yebo Cao

A Newly Discovered Vulnerability of Python Parsing Library Allows Check Bypassing

SUNNYVALE, Calif. — A vulnerability has been discovered in Python’s native urllib.parse function (CVE-2023-24329) by cybersecurity researcher Yebo Cao. This vulnerability has the potential to enable server-side request forgery (SSRF) and remote code execution (RCE) in a wide range of scenarios by bypassing the protections set by the developer for scheme and host.

February 23, 2023

A Newly Discovered Vulnerability of Python Parsing Library Allows Check Bypassing