CVE-2023-24329 — Vulnetix

CVE-2023-24329 PUBLISHED CVSS 6.5 MEDIUM

An issue in the urllib.parse component of Python allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Successful exploitation of this vulnerability could lead to addition or modification of data by an authenticated attacker.

EPSS 1.44% · 81.1th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/RC:C

EPSS Score

1.44%

81.1th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB M2M Gateway SW, software versions >=5.0.1\|<=5.0.3
ABB	ABB M2M Gateway ARM600, firmware versions >=4.1.2\|<=5.0.3

Exploit Intelligence

jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)
jithinodattu/CVE-2023-24329-lab (github-poc-repo)

…and 148 more exploits

Timeline

CVE Published
Feb 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 8, 2023 EPSS Score
Jun 17, 2023 EPSS Score
Sep 4, 2023 EPSS Score
Oct 13, 2023 EPSS Score
Nov 22, 2023 EPSS Score
Feb 9, 2024 EPSS Score
Mar 20, 2024 EPSS Score
May 8, 2024 PoC Published
Jun 7, 2024 EPSS Score

References

Open in Interactive Console →