{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T08:49:24.205","vulnerabilities":[{"cve":{"id":"CVE-2025-0938","sourceIdentifier":"cna@python.org","published":"2025-01-31T18:15:38.053","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers."},{"lang":"es","value":"Las funciones estándar librería de Python `urllib.parse.urlsplit` y `urlparse` aceptaban nombres de dominio que incluían corchetes, lo que no es válido según RFC 3986. Los corchetes solo se deben usar como delimitadores para especificar hosts IPv6 e IPvFuture en las URL. Esto podría generar un análisis diferencial entre el analizador de URL de Python y otros analizadores de URL que cumplen con las especificaciones."}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cna@python.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32","source":"cna@python.org"},{"url":"https://github.com/python/cpython/issues/105704","source":"cna@python.org"},{"url":"https://github.com/python/cpython/pull/129418","source":"cna@python.org"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/","source":"cna@python.org"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20250314-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}