CVE-2023-24329

HIGH

Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2023-24329. PoCs published by JawadPy, jithinodattu, PenTestMano.

AI-analyzed exploit summary: The repository contains functional exploit code for CVE-2023-24329, demonstrating a URL parsing bypass in Python's urllib.parse before version 3.11.4. The PoC shows how leading whitespace in a URL can bypass blocklist checks due to incorrect normalization.

Description

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Exploits (5)

github · WORKING POC · 1 star
by JawadPy · python · poc
https://github.com/JawadPy/CVE-Exploit-Collection/tree/main/CVE-2023-24329-Exploit

The repository contains functional exploit code for CVE-2023-24329, demonstrating a URL parsing bypass in Python's urllib.parse before version 3.11.4. The PoC shows how leading whitespace in a URL can bypass blocklist checks due to incorrect normalization.

Classification: Working PoC (90%)
Attack type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Python urllib.parse (versions before 3.11.4)
Authentication: none needed
Prerequisites: Python environment with urllib.parse < 3.11.4
Analyzed by devstral-2 on Feb 27, 2026
nomisec · WORKING POC
by jithinodattu · poc
https://github.com/jithinodattu/CVE-2023-24329-lab

This repository contains a functional exploit PoC for CVE-2023-24329, demonstrating a parser differential vulnerability in Python's urllib.parse.urlparse() that allows bypass of URL scheme filters. The lab includes a vulnerable API, an internal service, and an attacker script to showcase local file read and SSRF attacks.

Classification: Working PoC (100%)
Attack type: SSRF | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Python < 3.11.4
Authentication: none needed
Prerequisites: Docker · Python environment
Analyzed by devstral-2 on Apr 18, 2026
nomisec · WORKING POC
by PenTestMano · poc
https://github.com/PenTestMano/CVE-2023-24329-Exploit

This repository demonstrates a URL parsing bypass in Python's urllib.parse (CVE-2023-24329) where leading whitespace in a URL circumvents blocklist checks. The PoC shows how a URL with leading spaces evades a check built on urllib.parse.urlparse().geturl().

Classification: Working PoC (95%)
Attack type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Python urllib.parse (versions before 3.11.4)
Authentication: none needed
Prerequisites: Python environment with urllib.parse (version < 3.11.4)
Analyzed by devstral-2 on Feb 18, 2026
nomisec · WORKING POC
by Pandante-Central · poc
https://github.com/Pandante-Central/CVE-2023-24329-codeql-test

The repository contains a functional PoC for CVE-2023-24329, demonstrating a URL parsing vulnerability in Python's urllib.parse. The exploit shows how leading whitespace or '+' characters can bypass hostname blocking checks, potentially leading to SSRF.

Classification: Working PoC (90%)
Attack type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Python urllib.parse (versions affected by CVE-2023-24329)
Authentication: none needed
Prerequisites: Python environment with vulnerable urllib.parse
Analyzed by devstral-2 on Feb 18, 2026
nomisec · WORKING POC
by H4R335HR · poc
https://github.com/H4R335HR/CVE-2023-24329-PoC

This PoC demonstrates CVE-2023-24329, a Python urllib parsing flaw where leading spaces in URLs bypass blocklists for schemes and hostnames. It includes a functional exploit that checks whether the running Python version is vulnerable and allows testing of bypass techniques.

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Python urllib (versions before 3.7.17, 3.8.17, 3.9.17, 3.10.12, 3.11.4, 3.12)
Authentication: none needed
Prerequisites: Python environment with vulnerable urllib version
Analyzed by devstral-2 on Feb 18, 2026

References (29)

Core References (29)
Exploit, Mitigation, Technical Description, Third Party Advisory
https://pointernull.com/security/python-url-parse-problem.html
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/127587

Scores

CVSS v3: 7.5
EPSS: 0.2046
EPSS percentile: 97.2%
Attack vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: yes
Technical impact: partial

Details

CWE: CWE-20
Status: published
Products (8):
fedoraproject/fedora 36
fedoraproject/fedora 37
fedoraproject/fedora 38
netapp/active_iq_unified_manager (2 CPE variants)
netapp/management_services_for_element_software
netapp/management_services_for_netapp_hci
netapp/ontap_select_deploy_administration_utility
python/python < 3.7.17
Published: Feb 17, 2023
Tracked since: Feb 18, 2026