EUVD-2023-45624
Malicious code in bioql PyPI...
BIT-PYTHON-MIN-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
GLSA-202405-01 : Python, PyPy3: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-01 Python, PyPy3: Multiple Vulnerabilities - An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the...
CentOS 9 : python3.11-3.11.5-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the python3.11-3.11.5-1.el9 build changelog. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily...
CentOS 8 : python3.11 (CESA-2023:7024)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7024 advisory. - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers t...
Oracle Linux 8 : python3.11 (ELSA-2023-7024)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7024 advisory. - Security fixes for CVE-2023-40217 and CVE-2023-41105 Resolves: RHEL-3047, RHEL-3267 - Fix symlink handling in the fix for CVE-2023-24329 Resolves:...
RHEL 8 : python3.11 (RHSA-2023:7024)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7024 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 9 : python3.11 (RHSA-2023:6494)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6494 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Untrusted Search Path
python is vulnerable to Untrusted Search Path. The vulnerability is due to the Pynormpath function which cannot process paths with embedded null characters without truncating the path. If a path containing the \0 byte is passed to os.path.normpath, the path will be truncated unexpectedly at the...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2023-317)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-317 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client...
PSF-2023-9 os.path.normpath() truncates on null bytes
Passing a path with null bytes to the os.path.normpath function causes the returned path to be unexpectedly truncated at the first occurrence of null bytes within the path. Python versions before 3.11.0 didn’t truncate the path on null bytes. If allowlisting is applied before a call to...
CVE-2023-41105
The CVE-2023-41105 issue affects Python 3.11–3.11.4: if a path containing a null byte (\0) is passed to os.path.normpath(), the path is truncated at the first null byte. The description notes cases where filenames would have been rejected for security reasons in Python 3.10.x or earlier are no lo...