Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote malicious users to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octets are left-stripped instead of being evaluated as valid IP addresses.
The Python standard library ipaddress module also suffers from a critical IP address validation vulnerability identical to the flaw that was reported in the "netmask" library earlier this year.
The researchers who had discovered the critical flaw in netmask also discovered the same flaw in this Python module and have procured a vulnerability identifier:
The regression bug crept into Python 3.x's ipaddress module as a result of a change made in 2019 by Python maintainers.
In March, ...
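The parsing disagreement described above, as an added example (not code from the page or from the Python project): it compares the left-stripped decimal reading with an octal reading of the same string and shows a strict check that rejects the ambiguous form before any allow-list or deny-list decision. All function names are hypothetical, the sample inputs are constructed, and `parse_octal_aware` assumes the downstream consumer treats a leading-zero octet as octal, as inet_aton-style parsers do.

```python
import ipaddress

def _octets(text):
    """Split a dotted quad into four ASCII-digit strings or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad of digits: {text!r}")
    return parts

def _build(values, text):
    if any(v > 255 for v in values):
        raise ValueError(f"octet out of range: {text!r}")
    return ipaddress.IPv4Address(bytes(values))

def parse_stripped(text):
    """Affected behaviour: leading zeros are dropped and the octet is read as decimal."""
    return _build([int(p, 10) for p in _octets(text)], text)

def parse_octal_aware(text):
    """Assumed consumer behaviour: a leading-zero octet is octal (inet_aton style)."""
    values = [int(p, 8) if len(p) > 1 and p[0] == "0" else int(p, 10)
              for p in _octets(text)]
    return _build(values, text)

def parse_strict(text):
    """Hardened check: refuse any octet whose value depends on who parses it."""
    parts = _octets(text)
    if any(len(p) > 1 and p[0] == "0" for p in parts):
        raise ValueError(f"ambiguous leading zero in octet: {text!r}")
    return _build([int(p, 10) for p in parts], text)

def readings(text):
    """Return (stripped, octal) so a disagreement can be logged or blocked."""
    return parse_stripped(text), parse_octal_aware(text)

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    for sample in ("192.168.0.1", "010.8.8.8", "0127.0.0.1"):
        stripped, octal = readings(sample)
        try:
            verdict = f"accepted as {parse_strict(sample)}"
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{sample:>12}  stripped={stripped} private={stripped.is_private}  "
              f"octal={octal} private={octal.is_private}  strict: {verdict}")
```

Running the strict check ahead of any address classification keeps the validator and the component that finally connects from disagreeing about which host a string names.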