Title: [Security] A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! · Issue #76266 · python/cpython · GitHub
Open Graph Title: [Security] A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! · Issue #76266 · python/cpython
X Title: [Security] A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! · Issue #76266 · python/cpython
Description: BPO 32085 Nosy @vstinner, @tiran, @vadmium, @csabella, @orangetw Dependencies bpo-30458: [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)bpo-32185: SSLContext.wrap_socket sends SNI Extension whe...
Open Graph Description: BPO 32085 Nosy @vstinner, @tiran, @vadmium, @csabella, @orangetw Dependencies bpo-30458: [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)bpo-32185: SSLCon...
X Description: BPO 32085 Nosy @vstinner, @tiran, @vadmium, @csabella, @orangetw Dependencies bpo-30458: [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)bpo-32185: SSLCon...
Opengraph URL: https://github.com/python/cpython/issues/76266
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Security] A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!","articleBody":"BPO | [32085](https://bugs.python.org/issue32085)\n--- | :---\nNosy | @vstinner, @tiran, @vadmium, @csabella, @orangetw\nDependencies | \u003cli\u003ebpo-30458: [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)\u003c/li\u003e\u003cli\u003ebpo-32185: SSLContext.wrap_socket sends SNI Extension when server_hostname is IP\u003c/li\u003e\n\n\u003csup\u003e*Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.*\u003c/sup\u003e\n\n\u003cdetails\u003e\u003csummary\u003eShow more details\u003c/summary\u003e\u003cp\u003e\n\nGitHub fields:\n```python\nassignee = None\nclosed_at = \u003cDate 2021-09-21.22:21:09.158\u003e\ncreated_at = \u003cDate 2017-11-20.14:15:17.542\u003e\nlabels = ['type-security']\ntitle = '[Security] A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!'\nupdated_at = \u003cDate 2021-09-21.22:21:09.157\u003e\nuser = 'https://github.com/vstinner'\n```\n\nbugs.python.org fields:\n```python\nactivity = \u003cDate 2021-09-21.22:21:09.157\u003e\nactor = 'vstinner'\nassignee = 'none'\nclosed = True\nclosed_date = \u003cDate 2021-09-21.22:21:09.158\u003e\ncloser = 'vstinner'\ncomponents = []\ncreation = \u003cDate 2017-11-20.14:15:17.542\u003e\ncreator = 'vstinner'\ndependencies = ['30458', '32185']\nfiles = []\nhgrepos = []\nissue_num = 32085\nkeywords = []\nmessage_count = 5.0\nmessages = ['306543', '306980', '307418', '313709', '402393']\nnosy_count = 5.0\nnosy_names = ['vstinner', 'christian.heimes', 'martin.panter', 'cheryl.sabella', 'orange']\npr_nums = []\npriority = 'normal'\nresolution = 'out of date'\nstage = 'resolved'\nstatus = 'closed'\nsuperseder = None\ntype = 'security'\nurl = 'https://bugs.python.org/issue32085'\nversions = []\n```\n\n\u003c/p\u003e\u003c/details\u003e\n","author":{"url":"https://github.com/vstinner","@type":"Person","name":"vstinner"},"datePublished":"2017-11-20T14:15:18.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":5},"url":"https://github.com/76266/cpython/issues/76266"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:211099b9-e073-c9f1-41bd-451ffca33a0b |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | A044:36DB52:25A66CF:362B29D:6A4D1514 |
| html-safe-nonce | 96dc96c34291e9826a30530c0044728d2eedda88200cb72142616ba1e8db6321 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBMDQ0OjM2REI1MjoyNUE2NkNGOjM2MkIyOUQ6NkE0RDE1MTQiLCJ2aXNpdG9yX2lkIjoiNTAwNjg1MzU2MTU0NTIwMDkxNiIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 9d07fe5c6a2442b56af02acc02a4f09664ba2c9b0940009fe6913475c819497f |
| hovercard-subject-tag | issue:1198983038 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/python/cpython/76266/issue_layout |
| twitter:image | https://opengraph.githubassets.com/c03fb89fd31dc0c4115e9264197a8c670db5a6d6b5a431b9926ead0b614e3218/python/cpython/issues/76266 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/c03fb89fd31dc0c4115e9264197a8c670db5a6d6b5a431b9926ead0b614e3218/python/cpython/issues/76266 |
| og:image:alt | BPO 32085 Nosy @vstinner, @tiran, @vadmium, @csabella, @orangetw Dependencies bpo-30458: [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)bpo-32185: SSLCon... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | vstinner |
| hostname | github.com |
| expected-hostname | github.com |
| None | bcb4661e6fb4fe8b394c51ea02ccdb2236d40dc59afc75a3bbba50bf6517134c |
| turbo-cache-control | no-preview |
| go-import | github.com/python/cpython git https://github.com/python/cpython.git |
| octolytics-dimension-user_id | 1525981 |
| octolytics-dimension-user_login | python |
| octolytics-dimension-repository_id | 81598961 |
| octolytics-dimension-repository_nwo | python/cpython |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 81598961 |
| octolytics-dimension-repository_network_root_nwo | python/cpython |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | fb70bd3c4b2bec429781b65419e912c66e2d5581 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width