Author: Yebo Cao
-
A Newly Discovered Vulnerability of Python Parsing Library Allows Check Bypassing
SUNNYVALE, Calif. — A vulnerability has been discovered in Python’s native urllib.parse function (CVE-2023-24329) by cybersecurity researcher Yebo Cao. This vulnerability has the potential to enable server-side request forgery (SSRF) and remote code execution (RCE) in a wide range of scenarios by bypassing the protections set by the developer for scheme and host.