CVE-2024-11168

EUVD-2024-34319
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PSFCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
python_software_foundationcpython
𝑥
< 3.11.4
ADP
python_software_foundationcpython
3.12.0a1 ≤
𝑥
< 3.12.0b1
ADP
pythoncpython
𝑥
< 3.9.21
CNA
pythoncpython
3.10.0 ≤
𝑥
< 3.10.16
CNA
pythoncpython
3.11.0 ≤
𝑥
< 3.11.4
CNA
Debian logo
Debian Releases
Debian Product
Codename
pypy3
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
7.3.5+dfsg-2+deb11u5
fixed
forky
7.3.20+dfsg-4
fixed
sid
7.3.20+dfsg-4
fixed
trixie
7.3.19+dfsg-2
fixed
python3.11
bookworm
3.11.2-6+deb12u6
fixed
bookworm (security)
vulnerable
python3.9
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
3.9.2-1+deb11u3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
bionic
Fixed 2.7.17-1~18.04ubuntu1.13+esm10
released
focal
Fixed 2.7.18-1~20.04.7+esm6
released
jammy
Fixed 2.7.18-13ubuntu1.5+esm5
released
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
Fixed 2.7.6-8ubuntu0.6+esm28
released
xenial
Fixed 2.7.12-1ubuntu0~16.04.18+esm15
released
python3.4
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
Fixed 3.4.3-1ubuntu1~14.04.7+esm14
released
python3.5
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm4
released
xenial
Fixed 3.5.2-2ubuntu0~16.04.13+esm16
released
python3.6
bionic
Fixed 3.6.9-1~18.04ubuntu1.13+esm3
released
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.7
bionic
Fixed 3.7.5-2ubuntu1~18.04.2+esm4
released
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.8
bionic
Fixed 3.8.0-3ubuntu1~18.04.2+esm3
released
focal
Fixed 3.8.10-0ubuntu1~20.04.14
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.9
focal
Fixed 3.9.5-3ubuntu0~20.04.1+esm3
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.10
focal
dne
jammy
Fixed 3.10.12-1~22.04.8
released
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.11
focal
dne
jammy
Fixed 3.11.0~rc1-1~22.04.1~esm2
released
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.12
focal
dne
jammy
dne
noble
not-affected
oracular
not-affected
plucky
dne
questing
dne
python3.13
focal
dne
jammy
dne
noble
dne
oracular
not-affected
plucky
not-affected
questing
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpython2_7-1_0
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
libpython2_7-1_0-32bit
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
libpython3_10-1_0
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
libpython3_4m1_0
suse enterprise server 12 SP3
3.4.10-25.158.1
fixed
libpython3_6m1_0
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
libpython3_9-1_0
suse enterprise sap 15 SP5
3.9.20-150300.4.58.1
fixed
suse enterprise server 15 SP5
3.9.20-150300.4.58.1
fixed
python
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-32bit
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-base
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-base-32bit
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-curses
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-demo
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-devel
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-doc
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-doc-pdf
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-gdbm
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-idle
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-tk
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python-xml
suse enterprise server 12 SP3
2.7.18-28.126.1
fixed
python3
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 12 SP3
3.4.10-25.158.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
python3-base
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 12 SP3
3.4.10-25.158.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
python3-curses
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 12 SP3
3.4.10-25.158.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
python3-dbm
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
python3-devel
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
python3-idle
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
python3-tk
suse enterprise desktop 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.78.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.84.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.84.1
fixed
python3-tools
suse enterprise server 15 SP4
3.6.15-150300.10.84.1
fixed
python310
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python310-base
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python310-curses
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python310-dbm
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python310-devel
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python310-idle
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python310-tk
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python310-tools
suse enterprise server 15 SP4
3.10.16-150400.4.66.1
fixed
python36
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-base
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-curses
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-dbm
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-devel
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-idle
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-testsuite
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-tk
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python36-tools
suse enterprise server 12 SP3
3.6.15-6.127.1
fixed
python39
suse enterprise sap 15 SP5
3.9.20-150300.4.58.1
fixed
suse enterprise server 15 SP5
3.9.20-150300.4.58.1
fixed
python39-base
suse enterprise sap 15 SP5
3.9.20-150300.4.58.1
fixed
suse enterprise server 15 SP5
3.9.20-150300.4.58.1
fixed
python39-curses
suse enterprise sap 15 SP5
3.9.20-150300.4.58.1
fixed
suse enterprise server 15 SP5
3.9.20-150300.4.58.1
fixed
python39-dbm
suse enterprise sap 15 SP5
3.9.20-150300.4.58.1
fixed
suse enterprise server 15 SP5
3.9.20-150300.4.58.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
platform-python
RHEL 8
0:3.6.8-69.el8_10
fixed
platform-python-debug
RHEL 8
0:3.6.8-69.el8_10
fixed
platform-python-devel
RHEL 8
0:3.6.8-69.el8_10
fixed
python-unversioned-command
RHEL 9
0:3.9.21-1.el9_5
fixed
python3
RHEL 9
0:3.9.21-1.el9_5
fixed
python3-debug
RHEL 9
0:3.9.21-1.el9_5
fixed
python3-devel
RHEL 9
0:3.9.21-1.el9_5
fixed
python3-idle
RHEL 8
0:3.6.8-69.el8_10
fixed
RHEL 9
0:3.9.21-1.el9_5
fixed
python3-libs
RHEL 8
0:3.6.8-69.el8_10
fixed
RHEL 9
0:3.9.21-1.el9_5
fixed
python3-test
RHEL 8
0:3.6.8-69.el8_10
fixed
RHEL 9
0:3.9.21-1.el9_5
fixed
python3-tkinter
RHEL 8
0:3.6.8-69.el8_10
fixed
RHEL 9
0:3.9.21-1.el9_5
fixed
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
https://github.com/python/cpython/issues/103848
https://github.com/python/cpython/pull/103849
https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
https://security.netapp.com/advisory/ntap-20250411-0004/