bpo-30500: urllib connects to a wrong host

The urllib module does not correctly parse a password containing the # character.

  • Disclosure date: 2017-05-29 (Python issue bpo-30500 reported)
  • Reported at: 2017-03-04 (Orange Tsai on the PSRT list)

Fixed In

Vulnerable Versions

  • Python 3.7

Python issue

[security] urllib connects to a wrong host.

  • Python issue: bpo-30500
  • Creation date: 2017-05-29
  • Reporter: Nam Nguyen

Timeline

Timeline using the disclosure date 2017-05-29 as reference: