GHSA-rw83-v3pw-m362 – safeurl-python

Package

Manager: pip
Name: safeurl-python
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Withdrawn: safeurl-python contains Server-Side Request Forgery ## Withdrawn This advisory has been withdrawn as a duplicate of [GHSA-jgh8-vchw-q3g7](https://github.com/advisories/GHSA-jgh8-vchw-q3g7). ## Original Description isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.

Metadata

Created: 2023-01-30T06:30:27Z
Modified: 2023-02-07T23:25:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-rw83-v3pw-m362/GHSA-rw83-v3pw-m362.json
CWE IDs: ["CWE-918"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0