New submission from Nam Nguyen: Reported by Orange Tsai:
========== Hi, Python Security Team import urllib from urlparse import urlparse url = 'http://127.0.0.1#@evil.com/' print urlparse(url).netloc # 127.0.0.1 print urllib.urlopen(url).read() # will access evil.com I have tested on the latest version of Python 2.7.13. ========== ---------- components: Library (Lib) messages: 294667 nosy: Nam.Nguyen priority: normal pull_requests: 1933 severity: normal status: open title: urllib connects to a wrong host type: security versions: Python 2.7, Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30500> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com