CVE-2023-41105
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-41105 is a vulnerability affecting Python 3.11 through 3.11.4. The issue arises when the os.path.normpath() function is passed a path containing '\0' bytes. Instead of rejecting the filename for security reasons, as previous versions of Python would have done, the function unexpectedly truncates the path at the first '\0' byte. This could lead to unintended directory traversal or other security issues in applications that rely on this function. It is recommended that users upgrade to the latest version of Python, 3.11.5, which contains a fix for this vulnerability.
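The following is an added example, not part of the original advisory and not CPython's own fix: it probes whether the running interpreter truncates at a NUL byte, and shows a path check that rejects NUL bytes explicitly before calling normpath(), so the result does not depend on the interpreter version. The names BASE_DIR, normpath_truncates_at_nul, resolve_under_base and check_samples, and the sample inputs, are assumptions made for illustration.

```python
import os
import posixpath

BASE_DIR = "/srv/uploads"  # hypothetical base directory, assumed for this example


def normpath_truncates_at_nul() -> bool:
    """Probe the running interpreter: True if normpath() drops text after a NUL."""
    return "\0" not in os.path.normpath("a\0b")


def resolve_under_base(user_path: str, base: str = BASE_DIR) -> str:
    """Normalize user_path under base, rejecting NUL bytes before normpath()."""
    # Explicit check: do not rely on normpath() or a later open() to catch this.
    if "\0" in user_path:
        raise ValueError("embedded NUL byte in path")
    # posixpath keeps the result identical on every platform for this demo.
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    if posixpath.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def check_samples(samples):
    """Return {input: resolved path or 'rejected: <reason>'} for each sample."""
    results = {}
    for raw in samples:
        try:
            results[raw] = resolve_under_base(raw)
        except ValueError as exc:
            results[raw] = f"rejected: {exc}"
    return results


# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["reports/../q3.pdf", "../../etc/passwd", "q3.pdf\0/../../etc/passwd"]

if __name__ == "__main__":
    print("normpath truncates at NUL:", normpath_truncates_at_nul())
    for raw, outcome in check_samples(SAMPLES).items():
        print(repr(raw), "->", outcome)
```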
Affected Products
- Python
Affected Vendors
- Python Software Foundation
- NetApp