New submission from Yassine ABOUKIR: The module urlparse lacks proper validation of the input leading to open redirect vulnerability.
The issue is that URLs do not survive the round-trip through `urlunparse(urlparse(url))`. Python sees `/////foo.com` as a URL with no hostname or scheme and a path of `//foo.com`, but when it reconstructs the URL after parsing, it becomes `//foo.com`.

This can be practically exploited this way: http://example.com/login?next=/////evil.com

The fix for this would be for `urlunparse()` to serialize paths with two leading slashes as '/%2F', at least when `scheme` and `netloc` are empty.

----------
components: Library (Lib)
messages: 236470
nosy: yaaboukir
priority: normal
severity: normal
status: open
title: Urlparse insufficient validation leads to open redirect
type: security

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23505>
_______________________________________
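A defensive check for a `next` parameter that rejects the slash-prefixed targets the report describes, added here as an example (it is not code from the report or from CPython). `example.com`, `is_safe_redirect`, `safe_location` and the sample targets are constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin


def python_sees_host(target: str) -> str:
    """Host that urlsplit() reports for `target` ('' for '/////evil.com')."""
    return urlsplit(target).netloc


def is_safe_redirect(target: str) -> bool:
    """True only if `target` is a plain same-site path such as '/account?x=1'."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers strip tabs and newlines before parsing, so "/\t/evil.com"
    # would turn into "//evil.com". Reject whitespace and C0 controls outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    # Require an absolute path, but not one a browser reads as an authority:
    # "//evil.com", "/////evil.com" and "/\\evil.com" all resolve to evil.com,
    # even though urlsplit() reports an empty netloc for them.
    if target[0] != '/' or target[1:2] in ('/', '\\'):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # Any scheme or host means this is not a relative path at all.
    return not parts.scheme and not parts.netloc


def safe_location(target: str, allowed_host: str, default: str = '/') -> str:
    """Absolute Location value for the redirect, or `default` when unsafe.

    Emitting the absolute form avoids sending a raw, browser-interpreted
    relative string in the Location header. `allowed_host` is the site's own host.
    """
    path = target if is_safe_redirect(target) else default
    return urljoin(f'https://{allowed_host}/', path)


if __name__ == '__main__':
    # Constructed sample targets: the report's payload alongside benign ones.
    for sample in ('/account?x=1', '/////evil.com', '//evil.com', '/\\evil.com'):
        print(repr(sample), python_sees_host(sample) or '(no host)',
              safe_location(sample, 'example.com'))
```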