
Different libraries can parse the same URL in different ways, and these inconsistencies can lead to unexpected behavior that malicious actors could abuse.
Researchers from Claroty and Snyk have analyzed 16 URL parsing libraries, including urllib, urllib3, rfc3986, httptools (all written in Python), libcurl (cURL), Wget (Chrome), Uri (.NET), URL (Java), URI (Java), parse_url (PHP), url and url-parse (NodeJS), net/url (Go), uri (Ruby) and URI (Perl).
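
A defensive check that follows from this, as an added example (not code from the research or from the original article): it extracts the host once with Python's `urllib.parse` and once with a simplified, assumed model of browser-style (WHATWG) parsing, and accepts a URL only when both views agree and the host is allowlisted. The function names, the allowlist and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.example.com"}  # hypothetical allowlist for this example


def rfc_style_host(url):
    """Host as urllib.parse sees it: a backslash is an ordinary character."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def browser_style_host(url):
    """Simplified model of WHATWG parsing for http(s) URLs (an assumption,
    not a full implementation): a backslash acts as a slash and any number
    of slashes before the authority is ignored."""
    m = re.match(r"(?is)^https?:(.*)$", url)
    if not m:
        return None
    rest = m.group(1).replace("\\", "/").lstrip("/")
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    hostport = authority.rpartition("@")[2]      # drop any userinfo
    if hostport.startswith("["):                 # bracketed IPv6 literal
        host = hostport.partition("]")[0].lstrip("[")
    else:
        host = hostport.partition(":")[0]        # drop any port
    return host.lower() or None


def agreed_host(url):
    """Return the host only if both views agree and it is allowlisted."""
    a, b = rfc_style_host(url), browser_style_host(url)
    if a is None or a != b:
        return None                              # ambiguous or hostless: reject
    return a if a in ALLOWED_HOSTS else None


# Constructed sample inputs (reserved example domains only).
SAMPLES = [
    "https://API.example.com:8443/v1?x=1",       # unambiguous
    "https://api.example.com\\@example.net/",    # backslash in the authority
    "https:///api.example.com/",                 # extra slash after the scheme
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(repr(u), rfc_style_host(u), browser_style_host(u), agreed_host(u))
```

Rejecting on disagreement, rather than picking one parser's answer, is what keeps a validator and the component that later fetches the URL from acting on different hosts.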