On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...
7.3AI Score
0.0004EPSS
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
6.2CVSS
6AI Score
0.0005EPSS
An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...
7.8CVSS
6.3AI Score
0.0004EPSS
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (ie extra_groups=[]) the logic regressed to not call setgroups(0, NULL)...
4.9CVSS
7.4AI Score
0.001EPSS