Urllib connects to a wrong host
Low
Internet Bug Bounty
Team Summary
Official summary from Internet Bug Bounty
The urllib module doesn’t correctly parse a password containing the # character.
- Disclosure date: 2017-05-29 (Python issue #30500 reported)
- Reported at: 2017-03-04 (Orange Tsai on the PSRT list)
Reported by
orange
Vulnerability Details
Technical details and impact analysis
## Description
-----
URL parsing and URL fetching are inconsistent with each other.
## Original bug report
-----
- https://bugs.python.org/issue30500
- http://python-security.readthedocs.io/vuln/bpo-30500_urllib_connects_to_a_wrong_host.html
## Note
-----
- None
Thanks :)
## Impact
SSRF
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$500.00
Weakness
Server-Side Request Forgery (SSRF)
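An added example, not part of the original report or of CPython's code: a fetch guard that refuses any URL on which two readings of the authority disagree, which is the parsing/fetching mismatch the summary describes for a password containing `#`. `ALLOWED_HOSTS`, `naive_host` (a model of a fetcher that does not end the authority at `#`) and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for an outbound-fetch feature.
ALLOWED_HOSTS = {"api.example.com"}


def strict_host(url):
    """Host per RFC 3986: the authority ends at the first '/', '?' or '#'."""
    return (urlsplit(url).hostname or "").lower()


def naive_host(url):
    """Host as seen by a splitter that ends the authority only at '/' or '?'.

    This models (as an assumption) a fetcher that keeps '#' inside the
    authority, so everything before the last '@' is treated as userinfo.
    """
    _, sep, rest = url.partition("://")
    if not sep:
        return ""
    for delim in "/?":
        rest = rest.split(delim, 1)[0]
    hostport = rest.rpartition("@")[2]
    return hostport.split(":", 1)[0].lower()


def check_url(url):
    """Return (allowed, detail). Fails closed when the two readings differ."""
    if urlsplit(url).scheme not in ("http", "https"):
        return False, "scheme not allowed"
    strict, naive = strict_host(url), naive_host(url)
    if strict != naive:
        # An allowlist check on one reading says nothing about the other.
        return False, "parsers disagree: %r vs %r" % (strict, naive)
    if strict not in ALLOWED_HOSTS:
        return False, "host not allowed"
    return True, strict


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the report.
    for sample in (
        "https://api.example.com/v1/items?id=1#top",
        "https://user:pw@api.example.com/",
        "http://user:pa#ss@api.example.com/",
        "http://api.example.com:pw#x@other.example/",
    ):
        print(sample, "->", check_url(sample))
```

The last sample is the case that matters for SSRF: `strict_host` alone returns an allowlisted name, so only the comparison rejects it.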