CVE-2026-27124: Python Unencoded Url Path Substitution
greprules fetch cve-2026-27124-python-unencoded-url-path-substitution --engine opengrep

Description
A URL path template was substituted with potentially unsafe parameters without proper URL encoding. This can allow an attacker to inject path traversal sequences (e.g., `../`) or URL meta-characters (like `?` or `#`), bypassing intended path boundaries and leading to Server-Side Request Forgery (SSRF) or Path Traversal. Use `urllib.parse.quote` to properly e
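
The flagged pattern beside a hardened builder, as an added example that is not part of the rule or of any affected project; the host, path template and function names are constructed for illustration. It goes slightly beyond the description by also rejecting dot segments, which `urllib.parse.quote` leaves unchanged.

```python
from urllib.parse import quote, urlsplit

BASE = "https://api.internal.example"       # constructed host (assumption)
TEMPLATE = "/v1/users/{user_id}/profile"    # constructed path template (assumption)


def build_url_unsafe(user_id: str) -> str:
    """Raw substitution into the path: the pattern the rule describes."""
    return BASE + TEMPLATE.format(user_id=user_id)


def encode_segment(value: str) -> str:
    """Encode a value so it cannot leave its single path segment."""
    if value in ("", ".", ".."):
        # quote() never encodes dots, so dot segments must be rejected explicitly.
        raise ValueError(f"invalid path segment: {value!r}")
    # safe="" is required: by default quote() treats "/" as safe and keeps it.
    return quote(value, safe="")


def build_url_safe(user_id: str) -> str:
    """Same template, but the parameter is encoded as one path segment."""
    return BASE + TEMPLATE.format(user_id=encode_segment(user_id))


def path_and_query(url: str) -> tuple:
    """Return (path, query) as an HTTP client would parse the URL."""
    parts = urlsplit(url)
    return parts.path, parts.query


if __name__ == "__main__":
    # Constructed sample inputs covering the characters named in the description.
    for sample in ("42", "../admin", "42?debug=1#"):
        print(repr(sample))
        print("  unsafe:", path_and_query(build_url_unsafe(sample)))
        print("  safe:  ", path_and_query(build_url_safe(sample)))
```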