Lucene search
RedHatRHSA-2023:3585HistoryJun 14, 2023 - 7:57 a.m.
(RHSA-2023:3585) Important: python3.11 security update
2023-06-1407:57:41
access.redhat.com
29
python3.11 security update
urllib.parse
blocklisting bypass fix
cve-2023-24329
programming language
standard library
third-party libraries
cvss score
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.002
Percentile
52.1%
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.
Security Fix(es):
- python: urllib.parse url blocklisting bypass (CVE-2023-24329)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | aarch64 | python3.11-devel | < 3.11.2-2.el9_2.1 | python3.11-devel-3.11.2-2.el9_2.1.aarch64.rpm |
| RedHat | 9 | x86_64 | python3.11-test | < 3.11.2-2.el9_2.1 | python3.11-test-3.11.2-2.el9_2.1.x86_64.rpm |
| RedHat | 9 | aarch64 | python3.11-libs | < 3.11.2-2.el9_2.1 | python3.11-libs-3.11.2-2.el9_2.1.aarch64.rpm |
| RedHat | 9 | ppc64le | python3.11-test | < 3.11.2-2.el9_2.1 | python3.11-test-3.11.2-2.el9_2.1.ppc64le.rpm |
| RedHat | 9 | x86_64 | python3.11-debuginfo | < 3.11.2-2.el9_2.1 | python3.11-debuginfo-3.11.2-2.el9_2.1.x86_64.rpm |
| RedHat | 9 | i686 | python3.11-idle | < 3.11.2-2.el9_2.1 | python3.11-idle-3.11.2-2.el9_2.1.i686.rpm |
| RedHat | 9 | ppc64le | python3.11-debugsource | < 3.11.2-2.el9_2.1 | python3.11-debugsource-3.11.2-2.el9_2.1.ppc64le.rpm |
| RedHat | 9 | i686 | python3.11-debugsource | < 3.11.2-2.el9_2.1 | python3.11-debugsource-3.11.2-2.el9_2.1.i686.rpm |
| RedHat | 9 | ppc64le | python3.11-idle | < 3.11.2-2.el9_2.1 | python3.11-idle-3.11.2-2.el9_2.1.ppc64le.rpm |
| RedHat | 9 | x86_64 | python3.11-libs | < 3.11.2-2.el9_2.1 | python3.11-libs-3.11.2-2.el9_2.1.x86_64.rpm |
Related
nessus
nessus
RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2023:3776)
2023-06-22 00:00:00
RHEL 8 : python27:2.7 (RHSA-2023:3810)
2023-06-27 00:00:00
CentOS 9 : python3.11-3.11.4-3.el9
2024-02-29 00:00:00
openvas
openvas
CentOS: Security Advisory for python3 (CESA-2023:3556)
2023-07-30 00:00:00
Fedora: Security Advisory for python3.9 (FEDORA-2023-b854908745)
2023-06-09 00:00:00
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-2517)
2023-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: pypy-7.3.11-2.fc37
2023-06-08 02:00:25
[SECURITY] Fedora 37 Update: python3.11-3.11.3-2.fc37
2023-05-27 01:26:58
[SECURITY] Fedora 37 Update: pypy3.9-7.3.11-2.3.9.fc37
2023-06-08 02:00:27
osv
osv
Important: python3 security update
2023-06-14 00:00:00
Important: python39:3.9 and python39-devel:3.9 security update
2023-08-31 16:54:34
CVE-2023-24329
2023-02-17 15:15:12
oraclelinux
oraclelinux
python3 security update
2023-06-12 00:00:00
python27:2.7 security update
2023-07-08 00:00:00
python3 security update
2023-06-15 00:00:00
redhat
redhat
(RHSA-2023:4282) Important: Red Hat Virtualization Host 4.4.z SP 1 security update
2023-07-26 09:50:48
(RHSA-2023:3936) Important: python3 security update
2023-06-29 12:54:45
ibm
ibm
Security Bulletin: A vulnerability in Python may affect IBM Robotic Process Automation and result in a remote attacker bypassing security restrictions (CVE-2023-24329).
2023-11-22 20:55:44
almalinux
almalinux
Important: python3 security update
2023-06-14 00:00:00
Important: python39:3.9 and python39-devel:3.9 security update
2023-06-27 00:00:00
Important: python27:2.7 security update
2023-06-22 00:00:00
amazon
amazon
Medium: python3
2023-03-17 16:34:00
cloudlinux
cloudlinux
python: Fix of CVE-2023-24329
2023-03-06 21:09:04
python: Fix of CVE-2023-24329
2023-07-20 20:54:04
ubuntucve
ubuntucve
CVE-2023-24329
2023-02-17 00:00:00
slackware
slackware
[slackware-security] python3
2023-06-09 01:28:03
cbl_mariner
cbl_mariner
CVE-2023-24329 affecting package python3 3.7.13-5
2023-03-16 03:40:27
rocky
rocky
python3.11 security update
2023-08-31 16:54:34
python27:2.7 security update
2023-06-24 18:52:51
cloudfoundry
cloudfoundry
USN-5960-1: Python vulnerability | Cloud Foundry
2023-04-29 00:00:00
redhatcve
redhatcve
CVE-2023-24329
2023-02-28 12:29:51
cert
cert
Python Parsing Error Enabling Bypass CVE-2023-24329
2023-08-11 00:00:00
cvelist
cvelist
CVE-2023-24329
2023-02-17 00:00:00
debiancve
debiancve
CVE-2023-24329
2023-02-17 15:15:12
centos
centos
python, tkinter security update
2023-07-27 14:34:23
prion
prion
Security feature bypass
2023-02-17 15:15:00
nvd
nvd
CVE-2023-24329
2023-02-17 15:15:12
thn
thn
New Python URL Parsing Flaw Could Enable Command Execution Attacks
2023-08-12 06:03:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.002
Percentile
52.1%
Related for RHSA-2023:3585