Medium severity5.3NVD Advisory· Published Jan 30, 2023· Updated Jun 17, 2026
CVE-2023-24622
CVE-2023-24622
Description
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
safeurl-pythonPyPI | < 1.2 | 1.2 |
Affected products
2- safeurl-python/safeurl-pythondescription
Patches
Vulnerability mechanics
References
4- github.com/IncludeSecurity/safeurl-python/security/advisories/GHSA-jgh8-vchw-q3g7nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-jgh8-vchw-q3g7ghsaADVISORY
- github.com/IncludeSecurity/safeurl-python/pull/5/commits/42dd0c8e5fc84e17e1d3578d18aaea169eece474ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/safeurl-python/PYSEC-2023-298.yamlghsaWEB
News mentions
0No linked articles in our index yet.