cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

MiracleLinux 7 : python-2.7.5-94.0.4.el7.AXS7 (AXSA:2024-8942:49)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8942:49 advisory. CVE-2024-7592: fix algorithm with quadratic complexity to avoid using excess CPU resources while parsing the cookie value. CVEs: CVE-2024-7592 There is a LOW...

Siemens Ruggedcom ROX Uncontrolled Resource Consumption (CVE-2024-7592)

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

BIT-LIBPYTHON-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

Malicious code in python-cookies-shower (PyPI)

--- -= Per source details. Do not edit below this line.=-...

SUSE CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

python: Cookie domain check returns incorrect results

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...