A vulnerability in the the urllib.parse.urlsplit and urllib.parse.urlparse components of Python could allow an unauthenticated, remote attacker to obtain sensitive information from a targeted system.
The vulnerability is due to a security regression by the affected software that mishandles unicode encoding that includes an incorrect netloc during normal form KC (NFKC) normalization. An attacker could exploit this vulnerability by supplying a crafted URL to the affected software to be parsed. A successful exploit could allow the attacker to obtain sensitive information, such as cookies and authentication data.
Python has confirmed this vulnerability and updates are available.
Security Impact Rating: Critical