Medium: python3

🗓️ 25 Feb 2025 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 1 Views

CPython fixes for bracketed-host URL parsing, email header quoting, and cookie parsing performance.

Reporter	Title	Published	Views	Family All 912
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Operator package issues	2 Apr 202517:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	27 Sep 202422:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152	25 Jun 202508:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	27 Sep 202422:45	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Python package (CVE-2024-6232, CVE-2024-7592, CVE-2024-7592)	23 Jul 202513:31	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is affected by multiple vulnerabilities due to Python	5 Nov 202422:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152	25 Jun 202507:57	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in CPython used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-7592,CVE-2024-6232,CVE-2024-8775)	4 Apr 202509:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues	1 Nov 202422:12	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	python3	3.7.16-1.amzn2.0.12	python3-3.7.16-1.amzn2.0.12.aarch64.rpm
Amazon Linux	2	i686	python3	3.7.16-1.amzn2.0.12	python3-3.7.16-1.amzn2.0.12.i686.rpm
Amazon Linux	2	x86_64	python3	3.7.16-1.amzn2.0.12	python3-3.7.16-1.amzn2.0.12.x86_64.rpm
Amazon Linux	2	aarch64	python3-debug	3.7.16-1.amzn2.0.12	python3-debug-3.7.16-1.amzn2.0.12.aarch64.rpm
Amazon Linux	2	i686	python3-debug	3.7.16-1.amzn2.0.12	python3-debug-3.7.16-1.amzn2.0.12.i686.rpm
Amazon Linux	2	x86_64	python3-debug	3.7.16-1.amzn2.0.12	python3-debug-3.7.16-1.amzn2.0.12.x86_64.rpm
Amazon Linux	2	aarch64	python3-debuginfo	3.7.16-1.amzn2.0.12	python3-debuginfo-3.7.16-1.amzn2.0.12.aarch64.rpm
Amazon Linux	2	i686	python3-debuginfo	3.7.16-1.amzn2.0.12	python3-debuginfo-3.7.16-1.amzn2.0.12.i686.rpm
Amazon Linux	2	x86_64	python3-debuginfo	3.7.16-1.amzn2.0.12	python3-debuginfo-3.7.16-1.amzn2.0.12.x86_64.rpm
Amazon Linux	2	aarch64	python3-devel	3.7.16-1.amzn2.0.12	python3-devel-3.7.16-1.amzn2.0.12.aarch64.rpm

25 Feb 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

CVSS 46.3

EPSS0.00883

SSVC

bracketed hosts url parsing email header quoting cookie parsing python vulnerabilities