Backport CVE-2023-24329 to all in-service releases: urlparse does not correctly handle schemes that begin with ASCII digits, '+', '-', and '.' characters  #102293

Closed as not planned
@RSAlderman

Description

Feature or enhancement

Backport CVE-2023-24329 (CVSS 7.5: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) to all in-service releases: urlparse does not correctly handle schemes that begin with ASCII digits, '+', '-', and '.' characters, which was backported to 3.11.1 only.

Pitch

This is a security vulnerability that has only been backported to 3.11.1, not the other releases (3.7-3.10) that are currently supported.

Previous discussion

Is it possible to get an idea of a timescale for such a backport to be implemented in the earlier supported releases?
