This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author nsonaniya2010
Recipients nsonaniya2010, orsenthil
Date 2019-01-16.07:45:25
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
It have been identified that `urlparse` under `urllib.parse` module is detecting wrong hostname which could leads to a security issue known as Open redirect vulnerability.

Steps to reproduce the issue:

Following code will help you in reproducing the issue:

from urllib.parse import urlparse
x= '\'
y = urlparse(x)


The hostname from above URL which is actually rendered by browser is : ''.

In following browsers tested: (hostname detected as:

1. Chromium - Version 72.0.3626.7  - Developer Build
2. Firefox - 60.4.0esr (64-bit)
3. Internet Explorer - 11.0.9600.17843
4. Safari - Version 12.0.2 (14606.3.4)
Date User Action Args
2019-01-16 07:45:29nsonaniya2010setrecipients: + nsonaniya2010, orsenthil
2019-01-16 07:45:25nsonaniya2010setmessageid: <>
2019-01-16 07:45:25nsonaniya2010linkissue35748 messages
2019-01-16 07:45:25nsonaniya2010create