Broadcom API Gateway 10.1 - Python vulnerability CVE-2023-24329


Article ID: 274150


Products

CA API Gateway

Issue/Introduction

CVE-2023-24329 

Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-24329

Affected version: Python before 3.11.4

 

Cause

"... An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters ..."

Resolution

Install the August 2023 Monthly Platform Update Patch or later. The fixed package already ships as part of the MPP.

Reference: https://access.redhat.com/errata/RHSA-2023:3555
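
To confirm the fix on a host, the following added example (not code from Broadcom or the Python project) checks whether the running interpreter shows the behaviour quoted under Cause, and shows a scheme blocklist check that strips leading blank characters before parsing. The function names, the blocklist and the sample URLs are constructed for illustration.

```python
"""Self-check and hardened scheme blocklist for CVE-2023-24329 (added example)."""
from urllib.parse import urlsplit

# C0 control characters and space (U+0000..U+0020): the leading "blank"
# characters that a URL parser should discard before reading the scheme.
LEADING_BLANKS = "".join(chr(c) for c in range(0x21))

# Constructed blocklist for illustration; not taken from the article.
BLOCKED_SCHEMES = {"file", "gopher"}

# Constructed probe: a blocked scheme preceded by one space.
PROBE = " file:///tmp/constructed-sample"


def interpreter_is_affected() -> bool:
    """True when this interpreter's urlsplit() fails to see the scheme of PROBE."""
    return urlsplit(PROBE).scheme != "file"


def normalized_scheme(url: str) -> str:
    """Scheme after stripping leading blanks, independent of the Python patch level."""
    return urlsplit(url.lstrip(LEADING_BLANKS)).scheme.lower()


def is_blocked(url: str) -> bool:
    """Blocklist decision that holds on both patched and unpatched interpreters."""
    return normalized_scheme(url) in BLOCKED_SCHEMES


if __name__ == "__main__":
    import sys
    print("Python", sys.version.split()[0],
          "affected" if interpreter_is_affected() else "not affected")
    for sample in (PROBE, "\t FILE:///tmp/x", "https://example.com/"):
        print(repr(sample), "->", "blocked" if is_blocked(sample) else "allowed")
```

Run it with the same Python interpreter the gateway host uses, before and after applying the platform patch, to see the status change.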