ROSA LABROSA-SA-2023-2203Advisory ROSA-SA-2023-2203
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.04 Low
EPSS
Percentile
92.0%
Software: python 2.7.5
OS: rosa-server79
package_evr_string: python-2.7.5-93.res7
CVE-ID: CVE-2023-24329
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty characters.
CVE-STATUS: Fixed
CVE-REV: Run the yum update python command to close it
CVE-ID: CVE-2022-0391
BDU-ID: 2022-02302
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the urllib.parse module of the Python programming language interpreter is related to the failure to neutralize CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data containing CR-LF characters to an application and alter the application’s behavior
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update python command
CVE-ID: CVE-2021-3177
BDU-ID: 2021-01781
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the PyCArg_repr (ctypes/callproc.c) function of the Python programming language interpreter is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python command.
CVE-ID: CVE-2020-26116
BDU-ID: 2021-03738
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the HTTP request method of the Python programming language is related to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data and compromise its integrity
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update python command
CVE-ID: CVE-2020-26137
BDU-ID: 2021-05230
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the urllib3 module of the Python programming language interpreter due to insufficient neutralization of special elements in a request, allowing an attacker to access sensitive data and compromise its integrity
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python command
CVE-ID: CVE-2019-20907
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: In Lib/tarfile.py in Python before 3.8.3, an attacker could create a TAR archive leading to an infinite loop when opened with tarfile.open because _proc_pax lacks header validation.
CVE-STATUS: Fixed
CVE-REV: Run the yum update python command to close it
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.04 Low
EPSS
Percentile
92.0%