663 matches found
AZL-47865 CVE-2024-7592 affecting package python3 for versions less than 3.12.3-2
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
AZL-47860 CVE-2024-7592 affecting package python3 for versions less than 3.9.19-4
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592
CVE-2024-7592 affects CPython's http.cookies module. The cookie value parser can enter a quadratic-time path when backslashes are used for quoted characters, causing increased CPU usage. Connected advisories confirm CPython-level impact across multiple distributions and reference fixes in CPython...
CVE-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
PSF-2024-9
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
BIT-PYTHON-2024-6923 Email header injection due to unquoted newlines
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
PT-2024-7268
Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.13.0 Description: The issue is related to the 'http.cookies' standard library module in CPython. When parsing cookies that contain backslashes for quoted characters in the cookie value, the parser uses an algorithm...
CentOS 9 : python3.9-3.9.19-7.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.9-3.9.19-7.el9 build changelog. - There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing ...
SUSE CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-699)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-699 advisory. A defect was discovered in the Python ssl module where there is a memoryrace condition with the ssl.SSLContext methods certstorestats andgetcacerts. The race condition can be triggered if the methods...
CBL Mariner 2.0 Security Update: python3 (CVE-2024-0397)
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0397 advisory. - A defect was discovered in the Python ssl module where there is a memory race condition with the...
Leaked GitHub Python Token
Heres a disaster that didnt happen: Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index PyPI, and the Python...
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
AZL-47346 CVE-2024-6923 affecting package python3 for versions less than 3.9.19-8
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
ALPINE-CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...