Python · Python · CVE-2019-9948
**Name of the Vulnerable Software and Affected Versions**
Python versions 2.x through 2.7.16
**Description**
The issue concerns the urllib module in Python, which supports the `local_file:` scheme. This makes it easier for remote attackers to bypass protection mechanisms that blacklist `file:` URIs. An example of exploitation is triggering a `urllib.urlopen('local_file:///etc/passwd')` call, allowing attackers to access confidential data and compromise its integrity. The root cause is insufficient validation of input data.
**Recommendations**
For versions 2.x through 2.7.16, consider disabling the use of the `local_file:` scheme in the urllib module as a temporary workaround until a patch is available. Restrict access to sensitive files and data to minimize the impact of exploitation. Do not pass unverified input to `urllib.urlopen()`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
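The advisory's point is that a deny-list keyed on the literal `file:` prefix does not stop a URL whose scheme is `local_file:`. The following is an added illustration, not code from the Python project or from the advisory: it places a naive deny-list beside an allow-list validator that only admits absolute `http`/`https` URLs and uses it as a guard in front of `urlopen`. It runs on Python 3's standard library (`urllib.parse`, `urllib.request`); the function names, the regular expression mirroring Python 2's `splittype()` behaviour, and the sample URLs are this example's own assumptions and constructed inputs.

```python
"""Scheme allow-listing as a guard in front of urlopen (added example for CVE-2019-9948)."""
import re
import urllib.request
from urllib.parse import urlsplit

# Only these schemes are ever passed on to urlopen.
ALLOWED_SCHEMES = frozenset({"http", "https"})

# Hypothetical deny-list check of the kind the advisory says is bypassable:
# it recognises only the literal "file:" prefix.
def denylist_allows(url: str) -> bool:
    return not url.strip().lower().startswith("file:")

# Mirrors how Python 2's urllib.splittype() tokenised a URL: everything up
# to the first ':' that contains no '/' is the "type" (scheme). This is the
# tokenisation under which 'local_file:' is a distinct scheme name.
_SPLITTYPE = re.compile(r"^([^/:]+):")

def legacy_scheme(url: str):
    """Return the scheme the way a splittype()-style parser would see it."""
    m = _SPLITTYPE.match(url)
    return m.group(1).lower() if m else None

def allowlist_allows(url: str) -> bool:
    """Accept only absolute http(s) URLs with a host; reject everything else.

    Both tokenisations must agree on an allowed scheme. urlsplit() on its own
    reports an empty scheme for 'local_file:' because '_' is not a valid
    scheme character, so a check that trusts a single parser's idea of the
    scheme can be fooled; an allow-list sidesteps that by never trusting the
    unknown case.
    """
    parsed = urlsplit(url)
    return (
        parsed.scheme in ALLOWED_SCHEMES
        and legacy_scheme(url) == parsed.scheme
        and bool(parsed.netloc)
    )

def safe_urlopen(url: str, **kwargs):
    """Open only allow-listed URLs; raise before urlopen ever sees anything else."""
    if not allowlist_allows(url):
        raise ValueError(f"refusing to open URL with disallowed scheme: {url!r}")
    return urllib.request.urlopen(url, **kwargs)  # network call, not reached for rejected input

def classify(urls):
    """Map each URL to (deny-list verdict, allow-list verdict) for side-by-side comparison."""
    return {u: (denylist_allows(u), allowlist_allows(u)) for u in urls}

# Constructed sample inputs; the first two are the advisory's own scheme examples.
SAMPLE_URLS = [
    "local_file:///etc/passwd",
    "file:///etc/passwd",
    "https://example.com/data.json",
    "HTTP://example.com/",
    "ftp://example.com/x",
    "/etc/passwd",
]

if __name__ == "__main__":
    for url, (deny_ok, allow_ok) in classify(SAMPLE_URLS).items():
        print(f"{url:32} deny-list passes: {deny_ok!s:5} allow-list passes: {allow_ok}")
```

The deny-list lets `local_file:///etc/passwd` through while the allow-list rejects it along with every other non-HTTP input, which is the property a caller needs when the URL comes from an untrusted source.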