Improper Authorization in Handler for Custom URL Scheme
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-939: Improper Authorization in Handler for Custom URL Scheme |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
User-controlled or dynamic input is being passed directly to urllib functions that accept URLs. Since urllib supports ‘file://’ schemes, this could let attackers access local files if they control the input.
Impact
An attacker may be able to read sensitive files from the server by providing specially crafted URLs, potentially exposing credentials, configuration files, or other confidential data and leading to severe information disclosure.
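The following added example (not part of the original rule documentation) shows the flagged pattern beside a scheme allowlist check applied before the URL reaches urllib. The function names, the `ALLOWED_SCHEMES` set, and the temporary file standing in for a sensitive local file are assumptions made for illustration.

```python
import pathlib
import tempfile
import urllib.request
from urllib.parse import urlsplit

# Assumption: the application only ever needs to fetch web URLs.
ALLOWED_SCHEMES = {"http", "https"}


def fetch_unchecked(url: str) -> bytes:
    """Pattern the rule flags: caller-supplied URL goes straight to urllib."""
    with urllib.request.urlopen(url) as resp:
        return resp.read()


def validate_url(url: str) -> str:
    """Return url if it is an absolute http(s) URL, else raise ValueError."""
    parts = urlsplit(url)  # urlsplit lowercases the scheme, so FILE:// is caught
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} is not allowed")
    if not parts.hostname:
        raise ValueError("URL has no host")
    return url


def fetch_checked(url: str, timeout: float = 5.0) -> bytes:
    """Hardened form: validate first, then hand the URL to urllib."""
    with urllib.request.urlopen(validate_url(url), timeout=timeout) as resp:
        return resp.read()


def demo() -> dict:
    """Constructed sample: a temp file stands in for a sensitive local file."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = pathlib.Path(tmp) / "secret.txt"
        secret.write_bytes(b"constructed-secret")
        url = secret.as_uri()  # a file:/// URL pointing at the temp file
        leaked = fetch_unchecked(url)  # urllib reads the local file
        try:
            fetch_checked(url)
            blocked = False
        except ValueError:
            blocked = True
    return {"leaked": leaked, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

An allowlist of expected schemes is used rather than a blocklist of `file`, so relative paths and any other scheme urllib can handle are rejected as well.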