{"id":"PYSEC-2023-298","details":"isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to server-side request forgery (SSRF).","aliases":["CVE-2023-24622","GHSA-jgh8-vchw-q3g7"],"modified":"2024-11-25T22:42:15.112340Z","published":"2023-01-30T05:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/IncludeSecurity/safeurl-python/security/advisories/GHSA-jgh8-vchw-q3g7"}],"affected":[{"package":{"name":"safeurl-python","ecosystem":"PyPI","purl":"pkg:pypi/safeurl-python"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2"}]}],"versions":["1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/safeurl-python/PYSEC-2023-298.yaml"}},{"package":{"name":"safeurl-python","ecosystem":"PyPI","purl":"pkg:pypi/safeurl-python"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2"}]}],"versions":["1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/safeurl-python/PYSEC-2023-298.yaml"}},{"package":{"name":"safeurl-python","ecosystem":"PyPI","purl":"pkg:pypi/safeurl-python"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2"}]}],"versions":["1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/safeurl-python/PYSEC-2023-298.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}