7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
COMPLETE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:C/A:P
0.005 Low
EPSS
Percentile
76.9%
Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. (CVE-2020-10735) mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). (CVE-2015-20107) Open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. (CVE-2021-28861) Also fixes permissions and title for the documentation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | python3 | < 3.8.14-1.1 | python3-3.8.14-1.1.mga8 |
Mageia | 8 | noarch | python-pip | < 22.0.4-1 | python-pip-22.0.4-1.mga8 |
bugs.mageia.org/show_bug.cgi?id=30848
bugs.mageia.org/show_bug.cgi?id=30929
lists.fedoraproject.org/archives/list/[email protected]/thread/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/
lists.fedoraproject.org/archives/list/[email protected]/thread/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/
lists.opensuse.org/archives/list/[email protected]/thread/LSVFIZF6ZYMLK2HRCPTYDPZM3P6NDQKU/
pythoninsider.blogspot.com/2022/09/python-releases-3107-3914-3814-and-3714.html
ubuntu.com/security/notices/USN-5629-1
www.openwall.com/lists/oss-security/2022/09/21/1
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
COMPLETE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:C/A:P
0.005 Low
EPSS
Percentile
76.9%