A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.
« urlparse has a parsing problem when the entire URL starts with blank characters, » the CERT Coordination Center (CERT/CC) said in a Friday

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.
« urlparse has a parsing problem when the entire URL starts with blank characters, » the CERT Coordination Center (CERT/CC) said in a Friday