A vulnerability in the urllib.parse.urlsplit and urllib.parse.urlparse components of Python could allow an unauthenticated, remote attacker to obtain sensitive information from a targeted system.
The vulnerability exists because the affected software mishandles Unicode encoding (with an incorrect netloc) during Normalization Form KC (NFKC) normalization. An attacker could exploit this vulnerability by supplying a crafted URL that the affected software parses incorrectly. A successful exploit could allow the attacker to obtain sensitive information, such as cookies and authentication data.
Python has confirmed this vulnerability and updates are available.
Security Impact Rating: Critical
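
A defensive pre-parse check for the condition described above, as an added example (not code from Python or from this advisory): it reports URL delimiters that appear in the network location only after NFKC normalization. The function names and the sample URLs are constructed for illustration.

```python
import unicodedata

DELIMS = "/?#@:"  # characters that change how a URL authority is split


def raw_netloc(url):
    """Return the authority part of url by plain slicing, without urllib."""
    _, sep, rest = url.partition("//")
    if not sep:
        return ""
    end = len(rest)
    for d in "/?#":
        i = rest.find(d)
        if i != -1:
            end = min(end, i)
    return rest[:end]


def nfkc_introduced_delims(url):
    """List delimiters that exist in the netloc only after NFKC normalization."""
    netloc = raw_netloc(url)
    if netloc.isascii():
        return []  # pure ASCII is unchanged by NFKC
    # Remove delimiters that are legitimately present so that only
    # delimiters created by normalization are reported.
    stripped = netloc.translate({ord(c): None for c in "@:#?"})
    normalized = unicodedata.normalize("NFKC", stripped)
    if normalized == stripped:
        return []
    return [c for c in DELIMS if c in normalized]


def is_safe_to_parse(url):
    """True when normalization cannot move the host boundary of url."""
    return not nfkc_introduced_delims(url)


if __name__ == "__main__":
    # Constructed sample URLs using reserved example domains.
    samples = [
        "https://user:pw@example.com:8443/index",
        "https://b\u00fccher.example/",
        "https://example.com\uff03@example.net/",   # U+FF03 normalizes to '#'
        "https://example.com\u2100.example.net/",   # U+2100 normalizes to 'a/c'
    ]
    for s in samples:
        print(ascii(s), nfkc_introduced_delims(s))
```

Run the check before handing untrusted URLs to code that compares or normalizes host names. Python releases that include the fix reject such input in urlsplit itself by raising ValueError.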