![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipWoMsUciYLF8RHPLBbaro8Ww9LMvTawLIrC5xFxPrMEbEMwGaFpV5vKkw9fAF_S3Isv3yecomhUv0ojdJ9AYn7aM3Juj0EADarne4Dv9bs1ACnZWpyMjslk5uEdpX0s4JlWydWnNAZ-D4vGm2gjQTJ2Vxg0nXEsPd689D3xIbn8thxQc6Ot-ynZwX0ogR/s1600/python.jpg)
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.
“urlparse has a parsing problem when the entire URL starts with blank characters,” the CERT Coordination Center (CERT/CC) said in a Friday
Source:: The Hackers News