Lucene search
K

27 matches found

OSV
OSV
added 2026/06/29 11:14 a.m.7 views

BIT-PYTHON-MIN-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.7AI score0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:14 a.m.6 views

BIT-PYTHON-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.7AI score0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:10 a.m.7 views

BIT-LIBPYTHON-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.7AI score0.00128EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.8 views

CVE-2026-0864

A flaw was found in the Python configparser module. When writing configuration files, an attacker who controls the input value can inject unexpected keys and values. This occurs if the input contains multi-line text with carriage return characters, leading to potential configuration manipulation...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 6:17 p.m.10 views

CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS0.00128EPSS
Exploits0References7
OSV
OSV
added 2026/06/23 6:17 p.m.3 views

DEBIAN-CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 6:17 p.m.3 views

UBUNTU-CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 5:42 p.m.51 views

CVE-2026-0864

The CVE-2026-0864 entry concerns Python’s configparser.write() and how it handles multi-line text values containing carriage return characters. The vulnerability arises when attacker-controlled values are written, potentially allowing injection of unexpected keys and values into the resulting con...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/23 5:42 p.m.86 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS0.00128EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/23 5:42 p.m.6 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/23 5:42 p.m.5 views

CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0
EUVD
EUVD
added 2026/06/23 5:42 p.m.9 views

EUVD-2026-38554

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 5:42 p.m.3 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.9AI score0.00128EPSS
Exploits0References10
OSV
OSV
added 2026/06/23 5:42 p.m.6 views

PSF-2026-29

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51575

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description When using the configparser module to write configuration files containing multi-line text values with carriage return characters r, the resulting file could be injected with unexpected keys a...

4.1CVSS5.7AI score0.00128EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS7.7AI score0.00237EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 7:16 p.m.4 views

DEBIAN-CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS5.8AI score0.00237EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

GitPython 代码注入漏洞

GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.49 contained a code injection vulnerability. This vulnerability stemmed from the use of GitConfigParser.setvalue, which did not validate line endings...

7.8CVSS6AI score0.00237EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.12 views

CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS5.8AI score0.00237EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.11 views

FreeBSD : Python -- configparser vulnerable to excessive CPU use (5ec4dcf6-3588-11f1-b51c-6dd25bec137b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ec4dcf6-3588-11f1-b51c-6dd25bec137b advisory. Stan Ulbrych reports: configparser.RawConfigParser.OPTCRE,OPTCRENV regexes are vulnerable to quadratic...

5.9AI score
Exploits0References2
Rows per page
Query Builder