Message333750
| Author |
nsonaniya2010 |
| Recipients |
nsonaniya2010, orsenthil |
| Date |
2019年01月16日.07:45:25 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1547624725.28.0.16631607093.issue35748@roundup.psfhosted.org> |
| In-reply-to |
| Content |
Summary:
It have been identified that `urlparse` under `urllib.parse` module is detecting wrong hostname which could leads to a security issue known as Open redirect vulnerability.
Steps to reproduce the issue:
Following code will help you in reproducing the issue:
```
from urllib.parse import urlparse
x= 'http://www.google.com\@xxx.com'
y = urlparse(x)
print(y.hostname)
```
Output:
xxx.com
The hostname from above URL which is actually rendered by browser is : 'https://www.google.com'.
In following browsers tested: (hostname detected as: https://www.google.com)
```
1. Chromium - Version 72.0.3626.7 - Developer Build
2. Firefox - 60.4.0esr (64-bit)
3. Internet Explorer - 11.0.9600.17843
4. Safari - Version 12.0.2 (14606.3.4)
``` |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2019年01月16日 07:45:29 | nsonaniya2010 | set | recipients:
+ nsonaniya2010, orsenthil |
| 2019年01月16日 07:45:25 | nsonaniya2010 | set | messageid: <1547624725.28.0.16631607093.issue35748@roundup.psfhosted.org> |
| 2019年01月16日 07:45:25 | nsonaniya2010 | link | issue35748 messages |
| 2019年01月16日 07:45:25 | nsonaniya2010 | create |
|