Headline
GHSA-rw83-v3pw-m362: Withdrawn: safeurl-python contains Server-Side Request Forgery
Withdrawn
This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7.
Original Description
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-rw83-v3pw-m362
Withdrawn: safeurl-python contains Server-Side Request Forgery
Low severity GitHub Reviewed Published Jan 30, 2023 to the GitHub Advisory Database • Updated Feb 1, 2023
Withdrawn This advisory was withdrawn on Feb 1, 2023
Package
pip safeurl-python (pip)
Published to the GitHub Advisory Database
Jan 30, 2023
Published by the National Vulnerability Database
Jan 30, 2023