Description
The maltiverse.py script contains a bug that exposes it to the CVE-2024-11168 vulnerability, expected to be fixed for Python v3.10 in python/cpython#126975. Nevertheless, until the PR is merged and a new patch version is released, we need to modify the script to reduce the risk of unwanted behavior in the script.
```python
def is_valid_url(url: str) -> bool:
    """Check if a URL is valid.

    Parameters
    ----------
    url : str
        The URL to check.

    Returns
    -------
    bool
        True if the URL is valid, False otherwise.
    """
    split_url = urlsplit(url)
    return bool(split_url.scheme and split_url.netloc)
```
wazuh/integrations/maltiverse.py
Lines 204 to 218 in 6cf1a07

Tasks
is_valid_url function implementation to check the URL taking into account URL parsing security.
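One way to tighten the check while the interpreter fix is pending, written here as an added example and not the Wazuh project's code. CVE-2024-11168 concerns `urlsplit()` accepting bracketed hosts that are not IPv6 or IPvFuture literals, so the sketch validates the bracketed part itself instead of trusting the parser; `is_valid_url_strict`, its helper and the sample URLs are hypothetical names and constructed inputs.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986 IPvFuture: "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"v[0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")
# A bracketed host must be the whole host part, optionally followed by ":port".
_BRACKETED = re.compile(r"\[([^\[\]]*)\](?::\d*)?")


def _bracket_content_ok(literal: str) -> bool:
    """Accept only an IPv6 or IPvFuture literal between '[' and ']'."""
    if literal.startswith("v"):
        return _IPVFUTURE.fullmatch(literal) is not None
    try:
        ipaddress.IPv6Address(literal)  # rejects names and IPv4 addresses
    except ValueError:
        return False
    return True


def is_valid_url_strict(url: str) -> bool:
    """Hypothetical hardened variant of is_valid_url (added example)."""
    try:
        parts = urlsplit(url)  # patched interpreters raise ValueError here
    except ValueError:
        return False
    if not (parts.scheme and parts.netloc):
        return False
    host_port = parts.netloc.rpartition("@")[2]  # drop any userinfo
    if "[" in host_port or "]" in host_port:
        # Do not rely on urlsplit: unpatched versions accept "[example.com]".
        match = _BRACKETED.fullmatch(host_port)
        return match is not None and _bracket_content_ok(match.group(1))
    return bool(parts.hostname)  # also rejects an empty host such as ":80"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the integration's data.
    for sample in ("https://example.com/path", "https://[2001:db8::1]:8443/x",
                   "https://[example.com]/", "https://a[::1]b/"):
        print(f"{sample!r:40} -> {is_valid_url_strict(sample)}")
```

The function returns the same result on patched and unpatched interpreters for these inputs, because a `ValueError` from `urlsplit()` and a failed manual bracket check both map to `False`.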