6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.6%
Python reports:
bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid
a potential race condition.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used
on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.
bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address
strings. Leading zeros are ambiguous and interpreted as octal notation by some
libraries. For example the legacy function socket.inet_aton() treats leading
zeros as octal notation. glibc implementation of modern inet_pton() does not
accept any leading zeros. For a while the ipaddress module used to accept ambiguous
leading zeros.